utmstack
diff --git a/‎CHANGELOG.md‎
Lines changed: 12 additions & 1 deletion b/‎CHANGELOG.md‎
Lines changed: 12 additions & 1 deletion
diff --git a/‎agent/modules/syslog.go‎
Lines changed: 109 additions & 5 deletions b/‎agent/modules/syslog.go‎
Lines changed: 109 additions & 5 deletions
diff --git a/‎backend/src/main/java/com/park/utmstack/aop/logging/impl/AlertLoggingAspect.java‎
Lines changed: 18 additions & 18 deletions b/‎backend/src/main/java/com/park/utmstack/aop/logging/impl/AlertLoggingAspect.java‎
Lines changed: 18 additions & 18 deletions
diff --git a/‎backend/src/main/java/com/park/utmstack/domain/reports/types/IncidentType.java‎
Lines changed: 4 additions & 4 deletions b/‎backend/src/main/java/com/park/utmstack/domain/reports/types/IncidentType.java‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎…domain/shared_types/alert/AlertType.java‎ ‎…/domain/shared_types/alert/UtmAlert.java‎backend/src/main/java/com/park/utmstack/domain/shared_types/alert/AlertType.java renamed to backend/src/main/java/com/park/utmstack/domain/shared_types/alert/UtmAlert.java
Lines changed: 5 additions & 1 deletion b/‎…domain/shared_types/alert/AlertType.java‎ ‎…/domain/shared_types/alert/UtmAlert.java‎backend/src/main/java/com/park/utmstack/domain/shared_types/alert/AlertType.java renamed to backend/src/main/java/com/park/utmstack/domain/shared_types/alert/UtmAlert.java
Lines changed: 5 additions & 1 deletion
diff --git a/‎backend/src/main/java/com/park/utmstack/repository/network_scan/UtmNetworkScanRepository.java‎
Lines changed: 6 additions & 0 deletions b/‎backend/src/main/java/com/park/utmstack/repository/network_scan/UtmNetworkScanRepository.java‎
Lines changed: 6 additions & 0 deletions
@@ -1,7 +1,18 @@
-# UTMStack 11.0.0-beta.1 Release Notes
+# UTMStack 11.0.0 Release Notes
 
 This is the release notes for **UTMStack v11**, a major update from v10. This version introduces significant improvements and new features aimed at enhancing performance, scalability, and security.
 
+## ⚠️ BREAKING CHANGE - Migration Required
+
+**IMPORTANT:** UTMStack v11 introduces fundamental architectural changes that make it **incompatible with v10**.
+
+- **Direct upgrades from v10 to v11 are NOT supported**
+- A **complete migration** is required to move from v10 to v11
+- We are currently developing a **migration tool** to facilitate this process
+- **Do not attempt to upgrade** your v10 installation to v11 until the migration tool is available
+
+Please contact our support team for guidance on migration planning and timeline.
+
 ## Key Highlights
 
 ### Performance and Resource Optimization
 
@@ -9,6 +9,7 @@ import (
 	"io"
 	"net"
 	"os"
+	"strconv"
 	"strings"
 	"time"
 
@@ -20,6 +21,20 @@ import (
 	"github.com/utmstack/UTMStack/agent/utils"
 )
 
+const (
+	MinBufferSize         = 480
+	RecommendedBufferSize = 2048
+	MaxBufferSize         = 8192
+	UDPBufferSize         = 2048
+)
+
+type FramingMethod int
+
+const (
+	FramingNewline FramingMethod = iota
+	FramingOctetCounting
+)
+
 type SyslogModule struct {
 	DataType    string
 	TCPListener listenerTCP
@@ -204,7 +219,7 @@ func (m *SyslogModule) enableUDP() {
 		m.UDPListener.Listener = listener
 		m.UDPListener.CTX, m.UDPListener.Cancel = context.WithCancel(context.Background())
 
-		buffer := make([]byte, 1024)
+		buffer := make([]byte, UDPBufferSize)
 		msgChannel := make(chan config.MSGDS)
 
 		go m.handleConnectionUDP(msgChannel)
@@ -291,6 +306,88 @@ func (m *SyslogModule) disableUDP() {
 	}
 }
 
+// detectFramingMethod detects the syslog framing method by peeking at the first byte
+func detectFramingMethod(reader *bufio.Reader) (FramingMethod, error) {
+	firstByte, err := reader.Peek(1)
+	if err != nil {
+		utils.Logger.ErrorF("failed to peek first byte for framing detection: %v", err)
+		return 0, fmt.Errorf("failed to peek first byte: %w", err)
+	}
+
+	if firstByte[0] >= '0' && firstByte[0] <= '9' {
+		return FramingOctetCounting, nil
+	}
+
+	if firstByte[0] == '<' {
+		return FramingNewline, nil
+	}
+
+	utils.Logger.ErrorF("unknown framing method detected, first byte: 0x%02x", firstByte[0])
+	return 0, fmt.Errorf("unknown framing method, first byte: 0x%02x", firstByte[0])
+}
+
+// readOctetCountingFrame reads a syslog message using octet counting framing method
+func readOctetCountingFrame(reader *bufio.Reader) (string, error) {
+	lengthStr, err := reader.ReadString(' ')
+	if err != nil {
+		utils.Logger.ErrorF("failed to read message length in octet counting frame: %v", err)
+		return "", fmt.Errorf("failed to read message length: %w", err)
+	}
+
+	lengthStr = strings.TrimSuffix(lengthStr, " ")
+	msgLen, err := strconv.Atoi(lengthStr)
+	if err != nil {
+		utils.Logger.ErrorF("invalid message length '%s' in octet counting frame: %v", lengthStr, err)
+		return "", fmt.Errorf("invalid message length '%s': %w", lengthStr, err)
+	}
+
+	if msgLen < 1 {
+		utils.Logger.ErrorF("message length %d is too small (minimum 1 byte)", msgLen)
+		return "", fmt.Errorf("message length %d is too small (minimum 1)", msgLen)
+	}
+	if msgLen > MaxBufferSize {
+		utils.Logger.ErrorF("message length %d exceeds maximum %d bytes", msgLen, MaxBufferSize)
+		return "", fmt.Errorf("message length %d exceeds maximum %d", msgLen, MaxBufferSize)
+	}
+
+	msgBytes := make([]byte, msgLen)
+	_, err = io.ReadFull(reader, msgBytes)
+	if err != nil {
+		utils.Logger.ErrorF("failed to read %d byte message body: %v", msgLen, err)
+		return "", fmt.Errorf("failed to read %d byte message body: %w", msgLen, err)
+	}
+
+	return string(msgBytes), nil
+}
+
+// readNewlineFrame reads a syslog message using newline-delimited framing method
+func readNewlineFrame(reader *bufio.Reader) (string, error) {
+	message, err := reader.ReadString('\n')
+	if err != nil {
+		utils.Logger.ErrorF("failed to read newline-delimited message: %v", err)
+		return "", fmt.Errorf("failed to read newline-delimited message: %w", err)
+	}
+	return message, nil
+}
+
+// readSyslogMessage reads a syslog message with automatic framing detection
+func readSyslogMessage(reader *bufio.Reader) (string, error) {
+	method, err := detectFramingMethod(reader)
+	if err != nil {
+		return "", err
+	}
+
+	switch method {
+	case FramingOctetCounting:
+		return readOctetCountingFrame(reader)
+	case FramingNewline:
+		return readNewlineFrame(reader)
+	default:
+		utils.Logger.ErrorF("unsupported framing method: %d", method)
+		return "", fmt.Errorf("unsupported framing method: %d", method)
+	}
+}
+
 func (m *SyslogModule) handleConnectionTCP(c net.Conn) {
 	defer c.Close()
 	reader := bufio.NewReader(c)
@@ -336,12 +433,17 @@ func (m *SyslogModule) handleConnectionTCP(c net.Conn) {
 		case <-m.TCPListener.CTX.Done():
 			return
 		default:
-			message, err := reader.ReadString('\n')
+			message, err := readSyslogMessage(reader)
 			if err != nil {
-				if err == io.EOF || err.(net.Error).Timeout() {
+				if err == io.EOF {
+					utils.Logger.Info("TCP connection closed by %s", remoteAddr)
+					return
+				}
+				if netErr, ok := err.(net.Error); ok && netErr.Timeout() {
+					utils.Logger.Info("TCP connection timeout from %s", remoteAddr)
 					return
 				}
-				utils.Logger.ErrorF("error reading tcp data: %v", err)
+				utils.Logger.ErrorF("error reading syslog message from %s: %v", remoteAddr, err)
 				return
 			}
 			msgChannel <- config.MSGDS{
@@ -398,12 +500,14 @@ func (m *SyslogModule) handleTLSConnection(conn net.Conn) {
 		default:
 			// Set read timeout for each message
 			conn.SetDeadline(time.Now().Add(30 * time.Second))
-			message, err := reader.ReadString('\n')
+			message, err := readSyslogMessage(reader)
 			if err != nil {
 				if err == io.EOF {
+					utils.Logger.Info("TLS connection closed by %s", remoteAddr)
 					return
 				}
 				if netErr, ok := err.(net.Error); ok && netErr.Timeout() {
+					utils.Logger.Info("TLS connection timeout from %s", remoteAddr)
 					return
 				}
 				utils.Logger.ErrorF("error reading TLS data from %s: %v", remoteAddr, err)
 
@@ -5,7 +5,7 @@
 import com.park.utmstack.domain.chart_builder.types.query.FilterType;
 import com.park.utmstack.domain.chart_builder.types.query.OperatorType;
 import com.park.utmstack.domain.index_pattern.enums.SystemIndexPattern;
-import com.park.utmstack.domain.shared_types.alert.AlertType;
+import com.park.utmstack.domain.shared_types.alert.UtmAlert;
 import com.park.utmstack.security.SecurityUtils;
 import com.park.utmstack.service.UtmAlertLogService;
 import com.park.utmstack.service.elasticsearch.ElasticsearchService;
@@ -87,14 +87,14 @@ public Object logManualAlertStatusChange(ProceedingJoinPoint joinPoint) throws T
             Integer status = (Integer) args[1];
             String statusObservation = (String) args[2];
 
-            List<AlertType> alerts = getAlerts(alertIds);
+            List<UtmAlert> alerts = getAlerts(alertIds);
 
             joinPoint.proceed();
 
             if (CollectionUtils.isEmpty(alerts))
                 return null;
 
-            for (AlertType alert : alerts) {
+            for (UtmAlert alert : alerts) {
                 UtmAlertLog alertLog = new UtmAlertLog();
                 alertLog.setAlertId(alert.getId());
                 alertLog.setLogUser(SecurityUtils.getCurrentUserLogin().orElse("system"));
@@ -146,19 +146,19 @@ public Object logAutomaticAlertStatusChange(ProceedingJoinPoint joinPoint) throw
                 .size(Constants.LOG_ANALYZER_TOTAL_RESULTS)
                 .query(query));
 
-            HitsMetadata<AlertType> response = elasticsearchService.search(sr, AlertType.class).hits();
+            HitsMetadata<UtmAlert> response = elasticsearchService.search(sr, UtmAlert.class).hits();
 
             joinPoint.proceed();
 
             if (response.total().value() <= 0)
                 return null;
 
-            List<AlertType> alerts = response.hits().stream().map(Hit::source).collect(Collectors.toList());
+            List<UtmAlert> alerts = response.hits().stream().map(Hit::source).collect(Collectors.toList());
 
             if (CollectionUtils.isEmpty(alerts))
                 return null;
 
-            for (AlertType alert : alerts) {
+            for (UtmAlert alert : alerts) {
                 UtmAlertLog alertLog = new UtmAlertLog();
                 alertLog.setAlertId(alert.getId());
                 alertLog.setLogUser("system");
@@ -197,7 +197,7 @@ public Object logManualAlertTagsChange(ProceedingJoinPoint joinPoint) throws Thr
             List alertIds = (List) args[0];
             List tags = (List) args[1];
 
-            List<AlertType> alerts = getAlerts(alertIds);
+            List<UtmAlert> alerts = getAlerts(alertIds);
 
             joinPoint.proceed();
 
@@ -206,7 +206,7 @@ public Object logManualAlertTagsChange(ProceedingJoinPoint joinPoint) throws Thr
 
             String user = SecurityUtils.getCurrentUserLogin().orElse("system");
 
-            for (AlertType alert : alerts) {
+            for (UtmAlert alert : alerts) {
                 UtmAlertLog alertLog = new UtmAlertLog();
                 alertLog.setAlertId(alert.getId());
                 alertLog.setLogUser(user);
@@ -247,21 +247,21 @@ public Object logAutomaticAlertTagsChange(ProceedingJoinPoint joinPoint) throws
             SearchRequest request = SearchRequest.of(s -> s.query(query)
                 .size(Constants.LOG_ANALYZER_TOTAL_RESULTS).index(indexPattern));
 
-            HitsMetadata<AlertType> hits = elasticsearchService.search(request, AlertType.class).hits();
+            HitsMetadata<UtmAlert> hits = elasticsearchService.search(request, UtmAlert.class).hits();
 
             joinPoint.proceed();
 
             if (hits.total().value() <= 0)
                 return null;
 
-            List<AlertType> alerts = hits.hits().stream().map(Hit::source).collect(Collectors.toList());
+            List<UtmAlert> alerts = hits.hits().stream().map(Hit::source).collect(Collectors.toList());
 
             if (CollectionUtils.isEmpty(alerts))
                 return null;
 
             String user = SecurityUtils.getCurrentUserLogin().orElse("system");
 
-            for (AlertType alert : alerts) {
+            for (UtmAlert alert : alerts) {
                 UtmAlertLog alertLog = new UtmAlertLog();
                 alertLog.setAlertId(alert.getId());
                 alertLog.setLogUser(user);
@@ -294,7 +294,7 @@ public Object logManualAlertNotesChange(ProceedingJoinPoint joinPoint) throws Th
             String alertId = (String) args[0];
             String notes = (String) args[1];
 
-            List<AlertType> alerts = getAlerts(Collections.singletonList(alertId));
+            List<UtmAlert> alerts = getAlerts(Collections.singletonList(alertId));
 
             joinPoint.proceed();
 
@@ -303,7 +303,7 @@ public Object logManualAlertNotesChange(ProceedingJoinPoint joinPoint) throws Th
 
             String user = SecurityUtils.getCurrentUserLogin().orElse("system");
 
-            for (AlertType alert : alerts) {
+            for (UtmAlert alert : alerts) {
                 UtmAlertLog alertLog = new UtmAlertLog();
                 alertLog.setAlertId(alert.getId());
                 alertLog.setLogUser(user);
@@ -347,19 +347,19 @@ public Object logConvertToIncident(ProceedingJoinPoint joinPoint) throws Throwab
             SearchRequest request = SearchRequest.of(s -> s.size(Constants.LOG_ANALYZER_TOTAL_RESULTS)
                 .query(query).index(indexPattern));
 
-            HitsMetadata<AlertType> hits = elasticsearchService.search(request, AlertType.class).hits();
+            HitsMetadata<UtmAlert> hits = elasticsearchService.search(request, UtmAlert.class).hits();
 
             joinPoint.proceed();
 
             if (hits.total().value() <= 0)
                 return null;
 
-            List<AlertType> alerts = hits.hits().stream().map(Hit::source).collect(Collectors.toList());
+            List<UtmAlert> alerts = hits.hits().stream().map(Hit::source).collect(Collectors.toList());
 
             if (CollectionUtils.isEmpty(alerts))
                 return null;
 
-            for (AlertType alert : alerts) {
+            for (UtmAlert alert : alerts) {
                 UtmAlertLog alertLog = new UtmAlertLog();
                 alertLog.setAlertId(alert.getId());
                 alertLog.setLogUser(incidentCreatedBy);
@@ -393,14 +393,14 @@ public Object logConvertToIncident(ProceedingJoinPoint joinPoint) throws Throwab
      * @return
      * @throws Exception
      */
-    private List<AlertType> getAlerts(List<?> ids) throws Exception {
+    private List<UtmAlert> getAlerts(List<?> ids) throws Exception {
         final String ctx = CLASS_NAME + ".getAlerts";
         try {
             List<FilterType> filters = new ArrayList<>();
             filters.add(new FilterType(Constants.alertIdKeyword, OperatorType.IS_ONE_OF_TERMS, ids));
             SearchRequest request = SearchRequest.of(s -> s.query(SearchUtil.toQuery(filters))
                 .index(Constants.SYS_INDEX_PATTERN.get(SystemIndexPattern.ALERTS)));
-            HitsMetadata<AlertType> hits = elasticsearchService.search(request, AlertType.class).hits();
+            HitsMetadata<UtmAlert> hits = elasticsearchService.search(request, UtmAlert.class).hits();
             if (hits.total().value() <= 0)
                 return Collections.emptyList();
             return hits.hits().stream().map(Hit::source).collect(Collectors.toList());
 
@@ -1,20 +1,20 @@
 package com.park.utmstack.domain.reports.types;
 
 import com.park.utmstack.domain.incident_response.UtmIncidentJob;
-import com.park.utmstack.domain.shared_types.alert.AlertType;
+import com.park.utmstack.domain.shared_types.alert.UtmAlert;
 
 import java.util.List;
 
 public class IncidentType {
-    private AlertType incident;
+    private UtmAlert incident;
     private List<UtmIncidentJob> srcResponses;
     private List<UtmIncidentJob> destResponses;
 
-    public AlertType getIncident() {
+    public UtmAlert getIncident() {
         return incident;
     }
 
-    public void setIncident(AlertType incident) {
+    public void setIncident(UtmAlert incident) {
         this.incident = incident;
     }
 
 
@@ -18,7 +18,7 @@
 @JsonIgnoreProperties(ignoreUnknown = true)
 @Getter
 @Setter
-public class AlertType {
+public class UtmAlert {
     @JsonProperty("@timestamp")
     private String timestamp;
 
@@ -106,6 +106,10 @@ public class AlertType {
     @JsonProperty("logs")
     private List<String> logs;
 
+    private String assetGroupName;
+
+    private Long assetGroupId;
+
     public Instant getTimestampAsInstant() {
         if (StringUtils.hasText(timestamp))
             return Instant.parse(timestamp);
 
@@ -123,4 +123,10 @@ void updateGroup(@Param("assetIds") List<Long> assetIds,
 
     @Query(nativeQuery = true, value = "select n.asset_name from utm_network_scan n where n.asset_name is not null and n.is_agent is true and n.asset_alive is true and n.asset_status <> 'MISSING' and n.asset_os_platform = :platform")
     List<String> findAgentNamesByPlatform(@Param("platform") String platform);
+
+    @Query("SELECT ns.assetName, ns.groupId, ag.groupName " +
+            "FROM UtmNetworkScan ns " +
+            "JOIN UtmAssetGroup ag ON ns.groupId = ag.id " +
+            "WHERE ns.groupId IS NOT NULL")
+    List<Object[]> findAllAssetGroupMappings();
 }