CN105141448A - Method and device for collecting log - Google Patents

Publication number
CN105141448A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510451557.1A
Other languages
Chinese (zh)
Other versions
CN105141448B (en
Inventor
郑建锋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Cloud Computing Technologies Co Ltd
Original Assignee
Hangzhou Huawei Digital Technologies Co Ltd
Application filed by Hangzhou Huawei Digital Technologies Co Ltd filed Critical Hangzhou Huawei Digital Technologies Co Ltd
Priority to CN201510451557.1A priority Critical patent/CN105141448B/en
Publication of CN105141448A publication Critical patent/CN105141448A/en
Application granted granted Critical
Publication of CN105141448B publication Critical patent/CN105141448B/en

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00: Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06: Management of faults, events, alarms or notifications
    • H04L41/069: Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The embodiment of the invention relates to a method and a device for collecting a log. The method comprises the following steps: reading at least one log knowledge module from a log knowledge module list by a log client side; executing the log knowledge module, analyzing a log file of the corresponding operation system or application system, and collecting target content information of the log file; and transmitting the collected target content information to a log server side. Therefore, the comprehensiveness and applicability of collected information can be improved; the collection method is simple; and the collection efficiency can be greatly improved.

Description

Method and device for collecting logs
Technical Field
The present invention relates to the field of information technology, and in particular to a method and device for collecting logs.
Background
The operating system on a server (e.g., Windows, Linux) and the applications running on it each have corresponding log files: the operating system has system log files, and the application system has application log files. The log files record information such as server startup and shutdown, user logins, and application runs. Collecting the information in system log files and application log files plays an important role in analyzing the server's system performance and application performance and in diagnosing the server's system faults and application faults.
In the prior art, log files are mainly collected in the following ways: collection based on Simple Network Management Protocol (SNMP) traps, collection based on the system log (Syslog) protocol, and collection based on remote login (Telnet). However, collection based on SNMP traps is event-driven: the agent notifies the management system only when it detects a fault, and non-fault information is not reported, so the information the management system obtains is incomplete. In addition, this approach works only over the SNMP protocol, and the format of the collected messages must be defined separately, which is a limitation. The Syslog-based approach uses the User Datagram Protocol (UDP) as its transport protocol and can receive the log files of remote systems, but most applications write logs in their own custom way and do not support the Syslog protocol, so this approach usually cannot obtain log file information from all kinds of operating systems or application systems. The Telnet-based approach requires first logging in remotely to the managed client, obtaining the log file information by command, and then sending that information to the recipient by mail or the File Transfer Protocol (FTP); it requires managing the remote login information and using a mail server or FTP server, so it suffers from poor stability and a complex sending method.
In summary, prior-art log collection methods suffer from incomplete collected information, poor applicability, and a complex collection procedure.
Summary of the Invention
Embodiments of the present invention provide a method for collecting logs that improves the completeness and applicability of the collected information, is simple, and greatly improves collection efficiency.
In a first aspect, a method for collecting logs is provided, the method comprising:
a log client reading at least one log knowledge module from a log knowledge module list;
executing the log knowledge module to parse the log file of the corresponding operating system or application system and collect target content information of the log file; and
sending the collected target content information to a log server.
With reference to the first aspect, in a first implementation of the first aspect, the log knowledge module comprises one or more target parameters;
executing the log knowledge module to parse the log file of the corresponding operating system or application system and collect the target content information of the log file comprises:
executing the log knowledge module to parse the log file of the corresponding operating system or application system and obtain a parsing result; and
according to the target parameters, collecting from the parsing result the parameter values of the parameters that match the target parameters, and using those parameter values as the target content information of the log file.
With reference to the first aspect or the first implementation of the first aspect, in a second implementation of the first aspect, executing the log knowledge module comprises:
executing the log knowledge module periodically; and/or,
executing the log knowledge module when the size of the log file is greater than a threshold.
With reference to the first aspect, the first implementation of the first aspect, or the second implementation of the first aspect, in a third implementation of the first aspect, the method further comprises:
sending a query instruction to the log server, the query instruction instructing the log server, when it determines that an updated log knowledge module exists, to return the number of the updated log knowledge module to the log client; and
obtaining the updated log knowledge module from the log server according to the number of the updated log knowledge module.
With reference to the third implementation of the first aspect, in a fourth implementation of the first aspect, the updated log knowledge module on the log server is obtained by the log server from a log knowledge module distribution site by calling an application programming interface (API) function of that distribution site; or,
the updated log knowledge module on the log server is obtained by the log server from a storage medium.
With reference to the first aspect or any one of the above four implementations of the first aspect, in a fifth implementation of the first aspect, before the log client reads at least one log knowledge module from the log knowledge module list, the method further comprises:
sending a test message, according to the IP address and listening port of the log server, to the log server, which has opened the listening port and enabled listening mode; and
receiving an acknowledgment message that the log server sends in response to the received test message.
In a second aspect, a method for collecting logs is provided, the method comprising:
a log server obtaining at least one log knowledge module;
on receiving a query instruction sent by a log client, returning the number of the log knowledge module to the log client;
receiving a fetch instruction that the log client sends according to the number of the log knowledge module;
returning the log knowledge module to the log client according to the fetch instruction, so that the log client executes the log knowledge module to parse the log file of the corresponding operating system or application system and collect target content information of the log file; and
receiving the target content information collected by the log client.
With reference to the second aspect, in a first implementation of the second aspect, the log server obtaining at least one log knowledge module comprises:
obtaining at least one log knowledge module from a log knowledge module distribution site by calling an application programming interface (API) function of that distribution site; or,
obtaining at least one log knowledge module from a storage medium.
With reference to the second aspect or the first implementation of the second aspect, in a second implementation of the second aspect, before the log server obtains at least one log knowledge module, the method further comprises:
the log server receiving a configuration instruction and, according to the received configuration instruction, opening a listening port and enabling listening mode;
receiving a test message sent by the log client; and
returning an acknowledgment message to the log client in response to the test message.
In a third aspect, a device for collecting logs is provided, the device comprising a reading unit, a collecting unit and a sending unit;
the reading unit is configured to read at least one log knowledge module from a log knowledge module list;
the collecting unit is configured to execute the log knowledge module read by the reading unit, parse the log file of the corresponding operating system or application system, and collect target content information of the log file;
the sending unit is configured to send the target content information collected by the collecting unit to a log server.
With reference to the third aspect, in a first implementation of the third aspect, the log knowledge module comprises one or more target parameters;
the collecting unit is specifically configured to:
execute the log knowledge module to parse the log file of the corresponding operating system or application system and obtain a parsing result; and
according to the target parameters, collect from the parsing result the parameter values of the parameters that match the target parameters, and use those parameter values as the target content information of the log file.
With reference to the third aspect or the first implementation of the third aspect, in a second implementation of the third aspect, the collecting unit is specifically configured to:
execute the log knowledge module periodically; and/or,
execute the log knowledge module when the size of the log file is greater than a threshold.
With reference to the third aspect, the first implementation of the third aspect, or the second implementation of the third aspect, in a third implementation of the third aspect, the device further comprises an obtaining unit;
the sending unit is further configured to send a query instruction to the log server, the query instruction instructing the log server, when it determines that an updated log knowledge module exists, to return the number of the updated log knowledge module;
the obtaining unit is configured to obtain the updated log knowledge module from the log server according to the number of the updated log knowledge module.
With reference to the third implementation of the third aspect, in a fourth implementation of the third aspect, the updated log knowledge module on the log server is obtained by the log server from a log knowledge module distribution site by calling an application programming interface (API) function of that distribution site; or,
the updated log knowledge module on the log server is obtained by the log server from a storage medium.
With reference to the third aspect or any one of the above four implementations of the third aspect, in a fifth implementation of the third aspect, the device further comprises a receiving unit;
the sending unit is further configured to send a test message, according to the IP address and listening port of the log server, to the log server, which has opened the listening port and enabled listening mode;
the receiving unit is configured to receive an acknowledgment message that the log server sends in response to the received test message.
In a fourth aspect, a device for collecting logs is provided, the device comprising an obtaining unit, a sending unit and a receiving unit;
the obtaining unit is configured to obtain at least one log knowledge module;
the sending unit is configured to return the number of the log knowledge module to a log client on receiving a query instruction sent by the log client;
the receiving unit is configured to receive a fetch instruction that the log client sends according to the number of the log knowledge module sent by the sending unit;
the sending unit is further configured to return the log knowledge module to the log client according to the fetch instruction received by the receiving unit, so that the log client executes the log knowledge module to parse the log file of the corresponding operating system or application system and collect target content information of the log file;
the receiving unit is further configured to receive the target content information collected by the log client.
With reference to the fourth aspect, in a first implementation of the fourth aspect, the obtaining unit is specifically configured to:
obtain at least one log knowledge module from a log knowledge module distribution site by calling an application programming interface (API) function of that distribution site; or,
obtain at least one log knowledge module from a storage medium.
With reference to the fourth aspect or the first implementation of the fourth aspect, in a second implementation of the fourth aspect, the device further comprises a starting unit;
the receiving unit is further configured to receive a configuration instruction;
the starting unit is configured to open a listening port and enable listening mode according to the configuration instruction received by the receiving unit;
the receiving unit is further configured to receive a test message sent by the log client;
the sending unit is further configured to return an acknowledgment message to the log client in response to the test message.
In the method and device for collecting logs provided by the embodiments of the present invention, a log client reads at least one log knowledge module from a log knowledge module list; executes the log knowledge module to parse the log file of the corresponding operating system or application system and collect target content information of the log file; and sends the collected target content information to a log server. This improves the completeness and applicability of the collected information, keeps the collection method simple, and greatly improves collection efficiency.
Brief Description of the Drawings
Fig. 1 is a flowchart of the log collection method provided by Embodiment 1 of the present invention;
Fig. 2 is a schematic diagram of the log collection method provided by the present invention;
Fig. 3 is a flowchart of the log collection method provided by Embodiment 2 of the present invention;
Fig. 4 is a schematic diagram of the log collection device provided by Embodiment 3 of the present invention;
Fig. 5 is a schematic diagram of the log collection device provided by Embodiment 4 of the present invention;
Fig. 6 is a schematic diagram of the log collection device provided by Embodiment 5 of the present invention;
Fig. 7 is a schematic diagram of the log collection device provided by Embodiment 6 of the present invention.
Detailed Description
To make the objectives, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings. The described embodiments are evidently some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on these embodiments without creative effort fall within the protection scope of the present invention.
To aid understanding, the embodiments of the present invention are further explained below with reference to the drawings and specific embodiments; the embodiments do not limit the embodiments of the present invention.
The log collection method provided by the embodiments of the present invention applies to scenarios in which a log client (LogClient) collects information from the log files of various types of operating systems or application systems and reports the collected information to a log server (LogServer). There may be one or more log clients (also called log collection clients or collection agents). A log client can be deployed on a managed server; according to the collection requirements of that server, it loads the corresponding log knowledge modules to gain collection capability, collects the log file information of the operating system or application system, and sends the collected information to the log server. There is generally one log server. It can be deployed on a server of its own, or directly in a lightly loaded privileged virtual machine operating system (Domain0), and is used to manage the log repository and receive log file information. Note that the server or managed server mentioned above can be a physical machine or a virtual machine (VM).
Fig. 1 is a flowchart of the log collection method provided by Embodiment 1 of the present invention. The method may be executed by the log client. As shown in Fig. 1, the method may specifically comprise:
S110: the log client reads at least one log knowledge module from the log knowledge module list.
Optionally, before step S110 is performed, the method may further comprise the following steps for testing the communication link between the log client and the log server:
sending a test message, according to the IP address and listening port of the log server, to the log server, which has opened the listening port and enabled listening mode; and
receiving an acknowledgment message that the log server sends in response to the received test message.
That is, after the log server is deployed on a server, port 7705 must be opened in the server's configuration and the listening service program must be started (i.e., listening mode enabled) so that the log client and the log server can communicate. When the log client is deployed on a managed server, the IP address of the log server and listening port 7705 must be specified. Once deployed, the log client sends a test message, according to that IP address and listening port 7705, to the log server that has opened listening port 7705 and enabled listening mode. If the log client receives the acknowledgment message, the communication link between the log client and the log server is normal. If it does not, the installation environment of the managed server must be checked (for example, the firewall settings), the configuration changed, or the log server and log client reinstalled, until the log client receives the acknowledgment message.
In step S110, the log client locally maintains a log knowledge module list (KmodSet) containing one or more log knowledge modules. Each log knowledge module corresponds one-to-one to an operating system or to an application system, and is written in advance by a programmer for that operating system or application system. Specifically, a log knowledge module may define the operations to be performed on the log file of the corresponding operating system or application system, together with the location information and format information of that log file. A log knowledge module may also include one or more target parameters and their meanings; a target parameter may be one or more of the following: timestamp, program identifier (also called the collection object), target value, and so on.
A written log knowledge module may take the form of a script file. It usually exists as a standalone file (e.g., *.kmod) and can be continually developed and extended as needed. For example, when the operating system or application system corresponding to a log knowledge module updates (e.g., adds, modifies or deletes) a function, the log knowledge module can be rewritten, recompiled and republished.
Referring to the schematic diagram of the log collection method in Fig. 2, after a programmer has written a log knowledge module, the module can be uploaded to a log knowledge module distribution site (KmodReleaseSite) or copied directly to a storage medium (e.g., a USB flash drive or an optical disc). If the module has been copied to a storage medium, the log server can copy it directly from the storage medium once connected to it. If the module has been uploaded to the distribution site, the log server can query for or fetch it using the application programming interface (API) functions that the distribution site exposes, which the log server stores locally in advance. In one specific implementation, the log server stores these API functions in a configuration file.
For example, the log server can send "http://kmodreleasesite.com/updated/" to the log knowledge module distribution site to query whether any updated log knowledge modules exist (updated modules include newly added modules and modified modules). If the distribution site returns 1, an updated log knowledge module exists; if it returns 0, there is none. As another example, the log server can send "http://kmodreleasesite.com/newkmods/" to the distribution site to obtain the information of all updated log knowledge modules, or send "http://kmodreleasesite.com/newkmods/101/" to obtain the information of the updated log knowledge module numbered 101.
It will be understood that initially, when the log server has not yet obtained any log knowledge module, all the pre-written log knowledge modules stored on the distribution site count as updated; that is, initially the log server can obtain every log knowledge module on the distribution site.
In Fig. 2, after obtaining an updated log knowledge module from the storage medium or the log knowledge module distribution site, the log server can store it in the local log repository (KmodReponsitory), and the log server's distributor (KmodDistributor) marks the updated module; that is, the log server's distribution of log knowledge modules is configurable. When the log server receives a query instruction sent by the log client, it sends the numbers of the marked (i.e., updated) log knowledge modules to the log client. The log client then obtains the marked log knowledge modules from the log server according to those numbers and stores them in the log knowledge module list (KmodSet).
Note that, as the above shows, the one or more log knowledge modules in the list are obtained by the log client itself, so the log client need not open a listening port, which ensures the security of the log client and keeps its function single-purpose. In addition, in this process the log client obtains log knowledge modules from the log server rather than from the distribution site, which ensures the independence of the network in which the log client resides and the flexibility of configuration.
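The link test, query and fetch exchange described above, as an added example that is not code from the patent: the patent does not specify a wire format, so the newline-delimited JSON messages, the message type names and the repository contents are assumptions constructed for illustration. The client initiates every connection and never listens; the demo binds an ephemeral loopback port in place of 7705.

```python
import json
import socket
import socketserver
import threading

# Constructed stand-in for the server's local repository: number -> module.
# "marked" plays the role of the distributor's mark on updated modules.
REPOSITORY = {
    101: {"script": "# constructed placeholder for NewApp.kmod", "marked": True},
    102: {"script": "# constructed placeholder, not marked", "marked": False},
}


class LogServerHandler(socketserver.StreamRequestHandler):
    """Answers one JSON message per line (assumed format)."""

    def handle(self):
        for raw in self.rfile:
            try:
                msg = json.loads(raw)
            except ValueError:
                msg = None
            reply = self.dispatch(msg) if isinstance(msg, dict) else {"type": "error"}
            self.wfile.write((json.dumps(reply) + "\n").encode())

    @staticmethod
    def dispatch(msg):
        kind = msg.get("type")
        if kind == "test":                      # link test -> acknowledgment
            return {"type": "ack"}
        if kind == "query":                     # numbers of marked modules only
            marked = sorted(n for n, m in REPOSITORY.items() if m["marked"])
            return {"type": "numbers", "numbers": marked}
        number = msg.get("number")
        if kind == "get" and isinstance(number, int):
            module = REPOSITORY.get(number)
            if module and module["marked"]:     # unmarked modules are not served
                return {"type": "kmod", "number": number, "script": module["script"]}
        return {"type": "error"}


class LogServer(socketserver.ThreadingTCPServer):
    daemon_threads = True
    allow_reuse_address = True


class LogClient:
    """Pull-only client: it opens outbound connections and no listening port."""

    def __init__(self, server_ip, port=7705):
        self.addr = (server_ip, port)
        self.kmod_set = {}                      # local KmodSet: number -> script

    def _request(self, msg):
        with socket.create_connection(self.addr, timeout=3) as sock, \
                sock.makefile("rwb") as stream:
            stream.write(json.dumps(msg).encode() + b"\n")
            stream.flush()
            return json.loads(stream.readline())

    def link_ok(self):
        try:
            return self._request({"type": "test"}).get("type") == "ack"
        except (OSError, ValueError):           # refused, timed out, or bad reply
            return False

    def sync(self):
        numbers = self._request({"type": "query"}).get("numbers", [])
        for number in numbers:
            reply = self._request({"type": "get", "number": number})
            # Store only a reply that answers the number that was asked for.
            if reply.get("type") == "kmod" and reply.get("number") == number:
                self.kmod_set[number] = reply["script"]
        return sorted(self.kmod_set)


def demo():
    with LogServer(("127.0.0.1", 0), LogServerHandler) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        client = LogClient("127.0.0.1", server.server_address[1])
        ok = client.link_ok()
        numbers = client.sync()
        server.shutdown()
    return ok, numbers, client.kmod_set


if __name__ == "__main__":
    print(demo())
```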
S120: execute the log knowledge module, parse the log file of the corresponding operating system or application system, and collect target content information of the log file.
Optionally, after at least one log knowledge module has been read in step S110, it can be loaded by the log client's loader (KmodLoader) and then executed by the log client's executor component (Executor). Executing the log knowledge module in step S120 may specifically comprise:
executing the log knowledge module periodically; and/or,
executing the log knowledge module when the size of the log file is greater than a threshold.
That is, the log client can execute a log knowledge module periodically (at a preset collection interval), or when the size of the log file of the operating system or application system corresponding to the module is greater than a threshold, or when both conditions hold at once; for example, it can periodically check whether the size of the corresponding log file is greater than the threshold and, if so, execute the log knowledge module. Note that when there are multiple log knowledge modules, a polling algorithm can be used to execute each of them in turn within one period, or, within one period, to check in turn whether the log file corresponding to each module is larger than the threshold and execute those modules whose log file is larger than the threshold.
Further, step S120 may also comprise:
executing the log knowledge module to parse the log file of the corresponding operating system or application system and obtain a parsing result; and
according to the target parameters, collecting from the parsing result the parameter values of the parameters that match the target parameters, and using those parameter values as the target content information of the log file.
When each of the at least one log knowledge modules is executed, the log file is first obtained according to the location information, defined in the module, of the log file of the corresponding operating system or application system. The log file is then parsed according to the operations defined in the module (for example, the character strings in the log file are parsed) to obtain a parsing result, which may contain multiple parameters and parameter values. The log knowledge module can compare the target parameters one by one with the parameters in the parsing result and collect the parameter values of the parameters that match. When there are multiple target parameters, the parameter values of multiple parameters can be collected and used as the target content information of the log file. In one specific implementation, a time identifier can also be added to the target content information.
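The trigger and collection logic of step S120, as an added example that is not code from the patent: the dictionary layout of a knowledge module, its field names, the regular-expression line format and the sample log lines are assumptions constructed for illustration. It covers both the size-threshold polling and the target-parameter matching described above.

```python
import os
import re
import tempfile
import time


def make_kmod(number, log_path, line_format, target_params, size_threshold=0):
    """Hypothetical in-memory form of a log knowledge module (*.kmod)."""
    return {
        "number": number,
        "log_path": log_path,                    # location information
        "line_format": re.compile(line_format),  # format: named groups = parameters
        "target_params": set(target_params),     # parameters to collect
        "size_threshold": size_threshold,        # bytes; run only above this size
    }


def parse_log(kmod):
    """Parse the log file into a list of {parameter: value} dictionaries."""
    parsed = []
    with open(kmod["log_path"], encoding="utf-8", errors="replace") as handle:
        for line in handle:
            match = kmod["line_format"].fullmatch(line.rstrip("\r\n"))
            if match:                            # lines in another format are skipped
                parsed.append(match.groupdict())
    return parsed


def collect_targets(kmod, parsed, now=None):
    """Keep only the target parameters and attach a time identifier."""
    collected_at = time.time() if now is None else now
    records = []
    for entry in parsed:
        content = {k: v for k, v in entry.items() if k in kmod["target_params"]}
        if content:
            records.append({"kmod": kmod["number"],
                            "collected_at": collected_at,
                            "content": content})
    return records


def exceeds_threshold(kmod):
    try:
        return os.path.getsize(kmod["log_path"]) > kmod["size_threshold"]
    except OSError:                              # missing or unreadable log file
        return False


def poll_once(kmod_set, now=None):
    """One collection period: visit every module in turn, run those over threshold."""
    collected = []
    for kmod in kmod_set:
        if exceeds_threshold(kmod):
            collected.extend(collect_targets(kmod, parse_log(kmod), now))
    return collected


# Constructed sample input, not taken from any real system.
SAMPLE_LOG = (
    "2015-07-28T10:00:01 sshd login user=alice result=ok\n"
    "this line does not follow the declared format\n"
    "2015-07-28T10:00:05 sshd login user=bob result=fail\n"
)
LINE_FORMAT = (r"(?P<timestamp>\S+) (?P<program>\S+) (?P<event>\S+) "
               r"user=(?P<user>\S+) result=(?P<result>\S+)")


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "app.log")
        with open(path, "w", encoding="utf-8") as handle:
            handle.write(SAMPLE_LOG)
        kmod_set = [
            make_kmod(101, path, LINE_FORMAT, ["timestamp", "program", "result"]),
            # Threshold far above the file size, so this module is skipped.
            make_kmod(102, path, LINE_FORMAT, ["user"], size_threshold=1_000_000),
        ]
        return poll_once(kmod_set, now=1438077600.0)


if __name__ == "__main__":
    for record in demo():
        print(record)
```

Because only the named target parameters leave the host, the `user` field in the sample lines is never sent by module 101.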
S130, sends the described object content information gathered to log services end.
See Fig. 2, daily record client is at running log knowledge module, and after collecting object content information, object content information or object content information and time identifier can be sent to log services end by message form, log services end is after receiving above-mentioned object content information or object content information and time identifier, object content information or object content information and time identifier can be recorded to log database (as, NoSQL database), analyzed by analyst (Analyzer) again, and shown by journal displaying module (LogView).
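The execution conditions and the parse-and-collect step described above, sketched as an added example (not code from the patent): each log knowledge module is modelled as a declarative record, and the field names, regular expressions and log lines are constructed assumptions. `run_cycle` implements the combined mode, polling the modules in turn and running only those whose log file exceeds its threshold.

```python
import os
import re
import tempfile
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass
class LogKnowledgeModule:
    """Declarative stand-in for one log knowledge module (hypothetical layout)."""
    number: int
    log_path: str            # location of the log file this module is written for
    pattern: str             # parse operation: regex whose named groups are the parameters
    target_params: tuple     # parameters whose values are to be collected
    size_threshold: int = 0  # bytes; the module runs when the file is larger than this

    def execute(self, now):
        """Parse the log file and collect the values of parameters matching the targets."""
        regex = re.compile(self.pattern)
        records = []
        with open(self.log_path, encoding="utf-8", errors="replace") as fh:
            for line in fh:
                match = regex.search(line)
                if match is None:
                    continue  # line is not described by this module
                parsed = match.groupdict()  # parsing result: parameter -> value
                collected = {p: parsed[p] for p in self.target_params
                             if parsed.get(p) is not None}
                if collected:
                    collected["collected_at"] = now  # time identifier
                    records.append(collected)
        return records


def run_cycle(modules, now=None):
    """One collection period: poll the modules in turn, run those over their threshold."""
    now = now or datetime.now(timezone.utc).isoformat()
    results = {}
    for module in modules:
        try:
            size = os.path.getsize(module.log_path)
        except OSError:
            continue  # log file missing or unreadable: skip this module this period
        if size > module.size_threshold:
            results[module.number] = module.execute(now)
    return results


def demo():
    """Run one period over two constructed log files and return what was collected."""
    with tempfile.TemporaryDirectory() as tmp:
        auth = os.path.join(tmp, "auth.log")
        app = os.path.join(tmp, "app.log")
        with open(auth, "w", encoding="utf-8") as fh:  # constructed sample lines
            fh.write(
                "Jul 28 10:01:02 host1 sshd[411]: Failed password for root from 192.0.2.10 port 50122\n"
                "Jul 28 10:01:09 host1 sshd[411]: Accepted password for ops from 192.0.2.11 port 50130\n"
                "Jul 28 10:02:00 host1 cron[77]: job started\n"
            )
        with open(app, "w", encoding="utf-8") as fh:
            fh.write("level=INFO msg=ready\n")
        modules = [
            LogKnowledgeModule(
                101, auth,
                r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
                r"(?P<user>\S+) from (?P<src_ip>\S+) port (?P<port>\d+)",
                ("result", "user", "src_ip"),
            ),
            # Threshold larger than the file, so this module is skipped this period.
            LogKnowledgeModule(102, app, r"level=(?P<level>\w+) msg=(?P<msg>\S+)",
                               ("level",), size_threshold=4096),
        ]
        return run_cycle(modules, now="2015-07-28T10:05:00Z")


if __name__ == "__main__":
    print(demo())
```

Only the parameters named as targets reach the server; the `port` group is parsed but never collected.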
Optionally, the embodiment of the present invention may further include:
sending a query instruction to the log server, the query instruction instructing the log server to return to the log client the number of any updated log knowledge module when it determines that one exists;
obtaining the updated log knowledge module from the log server according to its number.
Here, updated log knowledge modules include newly added log knowledge modules and modified log knowledge modules.
Note that when a new operating system or application system needs to be monitored or tracked, its log file needs to be collected, so a log knowledge module corresponding to the new operating system or application system (for example, NewApp.Kmod) has to be written. Once written, the new log knowledge module is compiled and released. It may be published directly on the log knowledge module distribution site or copied directly to a storage medium. The log server then obtains the new module through the API function that the distribution site exposes, or copies it directly from the storage medium, stores it in the local log repository, and the distributor marks it.
When the local log repository of the log server contains a marked log knowledge module (that is, a newly added one), the log server, on receiving a query instruction from the log client, returns the number of the newly added module to the log client. The log client uses that number to obtain the module from the log server and stores it in the local log knowledge module list.
In addition, if an operating system or application system that is currently monitored or tracked is upgraded (or its functions are updated), the corresponding log knowledge module has to be rewritten (that is, modified), recompiled and released. The modified log knowledge module may be published directly on the log knowledge module distribution site or copied directly to a storage medium. The log server then obtains the modified module through the API function that the distribution site exposes, or copies it directly from the storage medium, stores it in the local log repository, and the distributor marks it.
When the local log repository of the log server contains a marked log knowledge module (that is, a modified one), the log server, on receiving a query instruction from the log client, returns the number of the modified module to the log client. The log client uses that number to obtain the modified module from the log server and replaces the pre-modification module stored in the local log knowledge module list.
As can be seen from the above, in the embodiment of the present invention, when a need arises to collect the log file of a new application system or operating system, only a new log knowledge module has to be written and added; the code of the log client and the log server does not need to change, which significantly improves the extensibility and maintainability of the log collection method of the present invention. In addition, the log server of the present invention can update its local log knowledge modules in several ways, so it suits a variety of network environments.
In the log collection method provided by the embodiment of the present invention, the log client reads at least one log knowledge module from the log knowledge module list; executes the log knowledge module to parse the log file of the corresponding operating system or application system and collect the target content information of the log file; and sends the collected target content information to the log server. This improves the comprehensiveness and applicability of the collected information, and the collection method is simple, which greatly improves collection efficiency.
Fig. 3 is a flowchart of the log collection method provided by Embodiment 2 of the present invention. The method may be executed by the log server and, as shown in Fig. 3, may specifically include:
S310: the log server obtains at least one log knowledge module.
Optionally, before step S310 is performed, the method may further include the following steps for testing the communication link between the log client and the log server:
the log server receives a configuration instruction and, according to it, opens a listening port and enables listening mode;
receiving a test message sent by the log client;
returning an acknowledgement message to the log client according to the test message.
That is, after the log server is deployed on a server, port 7705 needs to be opened in the server's configuration, and the listening service program needs to be started (that is, listening mode enabled) so that the log client and the log server can communicate. When the log client is deployed on a managed server, the IP address of the log server and listening port 7705 need to be specified; once deployed, the log client uses that IP address and port to send a test message to the log server, which has opened listening port 7705 and enabled listening mode. If the log client receives an acknowledgement message, the communication link between the log client and the log server is working. If it does not, the installation environment of the managed server needs to be checked (for example, the firewall settings) and the configuration changed, or the log server and log client reinstalled, until the log client receives the acknowledgement message.
Returning to S310, the log server may obtain at least one log knowledge module in two ways: the first is to call the application programming interface (API) function of the log knowledge module distribution site and obtain at least one log knowledge module from that site; the second is to obtain at least one log knowledge module from a storage medium.
In the first way, for example, the log server may store the API function in a configuration file. Specifically, the log server may send "http://kmodreleasesite.com/updated/" to the log knowledge module distribution site to query whether there are updated log knowledge modules (newly added and modified ones). If the site returns 1, there are updated log knowledge modules; if it returns 0, there are none. As a further example, the log server may send "http://kmodreleasesite.com/newkmods/" to the distribution site to obtain the information of all updated log knowledge modules, or "http://kmodreleasesite.com/newkmods/101/" to obtain the information of the log knowledge module numbered 101 among all the updated modules.
It will be understood that initially, when the log server has not yet obtained any log knowledge module, all pre-written log knowledge modules stored on the distribution site count as updated log knowledge modules; that is, initially the log server can obtain all log knowledge modules on the distribution site.
In Fig. 2, after the log server obtains the updated log knowledge modules from the log knowledge module distribution site, it may store them in the local log repository (KmodReponsitory), and the distributor (KmodDistributor) of the log server marks the updated modules; that is, the log server's distribution of log knowledge modules is configurable.
In the second way, the log server obtains at least one log knowledge module directly from a storage medium and stores it in the local log repository, and the distributor of the log server marks the obtained modules.
S320: when a query instruction sent by the log client is received, return the number of the log knowledge module to the log client.
S330: receive the acquisition instruction that the log client sends according to the number of the log knowledge module.
S340: according to the acquisition instruction, return the log knowledge module to the log client, so that the log client executes the log knowledge module, parses the log file of the corresponding operating system or application system, and collects the target content information of the log file.
When the log server receives the query instruction sent by the log client, it sends the numbers of the marked log knowledge modules (that is, the updated ones) to the log client. The log client then obtains the marked log knowledge modules from the log server according to those numbers and stores them in the log knowledge module list (KmodSet).
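The update path from distribution site to log server to log client, as an added example rather than code from the patent. The in-memory site, the class and method names and the module bodies are constructed; the page does not say when the site stops reporting a module as updated or when the distributor clears a mark, so the choices made here are assumptions.

```python
from urllib.parse import urlparse


class DistributionSite:
    """In-memory stand-in for the distribution site's API (constructed, no network)."""

    def __init__(self):
        self.updated = {}  # number -> module body, for new or modified modules

    def publish(self, number, body):
        self.updated[number] = body

    def get(self, url):
        parts = [p for p in urlparse(url).path.split("/") if p]
        if parts == ["updated"]:
            return 1 if self.updated else 0  # 1: updated modules exist, 0: none
        if parts == ["newkmods"]:
            # Assumption: once read, modules are no longer reported as updated.
            batch, self.updated = self.updated, {}
            return batch
        if len(parts) == 2 and parts[0] == "newkmods" and parts[1].isdigit():
            return self.updated.get(int(parts[1]))
        raise ValueError("unknown API path: " + url)


class LogServer:
    BASE = "http://kmodreleasesite.com"  # site named on the page

    def __init__(self, site):
        self.site = site
        self.repository = {}  # local log repository: number -> module body
        self.marked = set()   # numbers the distributor has marked as updated

    def refresh(self):
        """Ask the site whether updates exist; if so, store and mark them."""
        if self.site.get(self.BASE + "/updated/") != 1:
            return []
        fetched = self.site.get(self.BASE + "/newkmods/")
        for number, body in fetched.items():
            self.repository[number] = body
            self.marked.add(number)
        return sorted(fetched)

    def handle_query(self):
        """S320: answer a query instruction with the numbers of marked modules."""
        return sorted(self.marked)

    def handle_acquire(self, number):
        """S330/S340: answer an acquisition instruction with the module itself."""
        if number not in self.repository:
            raise KeyError("no module numbered %d" % number)
        return self.repository[number]


class LogClient:
    def __init__(self, server):
        self.server = server
        self.kmod_set = {}  # local log knowledge module list

    def sync(self):
        """Query, then fetch each listed module; new ones are added, changed ones replaced."""
        added, replaced = [], []
        for number in self.server.handle_query():
            body = self.server.handle_acquire(number)
            if number not in self.kmod_set:
                added.append(number)
            elif self.kmod_set[number] != body:
                replaced.append(number)
            self.kmod_set[number] = body
        return added, replaced


def demo():
    site = DistributionSite()
    site.publish(101, "sshd module v1")   # constructed module bodies
    site.publish(102, "NewApp.Kmod v1")
    server = LogServer(site)
    client = LogClient(server)
    first_refresh = server.refresh()      # initially every module counts as updated
    first_sync = client.sync()
    idle_refresh = server.refresh()       # site answers 0: nothing new
    site.publish(101, "sshd module v2")   # module 101 is modified and re-released
    second_refresh = server.refresh()
    second_sync = client.sync()
    return (first_refresh, first_sync, idle_refresh,
            second_refresh, second_sync, dict(client.kmod_set))


if __name__ == "__main__":
    for step in demo():
        print(step)
```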
Optionally, in step S340, after the log client receives the log knowledge module returned by the log server, the loader of the log client may load the module and the executor of the log client may then execute it, where executing the log knowledge module may specifically include:
executing the log knowledge module periodically; and/or
executing the log knowledge module when the size of the log file exceeds a threshold.
That is, the log client may execute the log knowledge module periodically (that is, at a preset collection interval); or it may execute the log knowledge module when the size of the log file of the operating system or application system corresponding to that module exceeds a threshold; or it may execute the module only when both conditions are met, for example by periodically checking whether the size of the corresponding log file exceeds the threshold and, if it does, executing the log knowledge module. Note that when there are multiple log knowledge modules, a polling algorithm may be used to execute each of them in turn within one period; alternatively, within one period, the size of the log file corresponding to each log knowledge module is checked in turn against the threshold, and the modules whose log file exceeds the threshold are executed.
Further, executing the log knowledge module may also include:
executing the log knowledge module to parse the log file of the corresponding operating system or application system and obtain a parsing result;
collecting, from the parsing result and according to the target parameter, the parameter value of the parameter that matches the target parameter, and using that parameter value as the target content information of the log file.
When each of the at least one log knowledge module is executed, the log file is first obtained according to the location information, defined in the log knowledge module, of the log file of the corresponding operating system or application system. The log file is then parsed according to the operations defined in the log knowledge module, for example by parsing the character strings in the log file, to obtain a parsing result, which may contain multiple parameters and parameter values. The log knowledge module compares the target parameter with the parameters in the parsing result one by one and collects the parameter value of each parameter that matches. When there are multiple target parameters, the values of multiple parameters are collected and used together as the target content information of the log file. In one specific implementation, a time identifier may also be added to the target content information.
S350: receive the target content information collected by the log client.
Referring to Fig. 2, after running the log knowledge module and collecting the target content information, the log client may send the target content information, or the target content information together with the time identifier, to the log server as a message. After receiving it, the log server may record it in a log database (for example, a NoSQL database), where it is analyzed by the analyzer (Analyzer) and displayed by the log display module (LogView).
Note that when a new operating system or application system needs to be monitored or tracked, its log file needs to be collected, so a log knowledge module corresponding to the new operating system or application system (for example, NewApp.Kmod) has to be written. Once written, the new log knowledge module is compiled and released. It may be published directly on the log knowledge module distribution site or copied directly to a storage medium. The log server then obtains the new module through the API function that the distribution site exposes, or copies it directly from the storage medium, stores it in the local log repository, and the distributor marks it.
When the local log repository of the log server contains a marked log knowledge module (that is, a newly added one), the log server, on receiving a query instruction from the log client, returns the number of the newly added module to the log client. The log client uses that number to obtain the module from the log server and stores it in the local log knowledge module list.
In addition, if an operating system or application system that is currently monitored or tracked is upgraded (or its functions are updated), the corresponding log knowledge module has to be rewritten (that is, modified), recompiled and released. The modified log knowledge module may be published directly on the log knowledge module distribution site or copied directly to a storage medium. The log server then obtains the modified module through the API function that the distribution site exposes, or copies it directly from the storage medium, stores it in the local log repository, and the distributor marks it.
When the local log repository of the log server contains a marked log knowledge module (that is, a modified one), the log server, on receiving a query instruction from the log client, returns the number of the modified module to the log client. The log client uses that number to obtain the modified module from the log server and replaces the pre-modification module stored in the local log knowledge module list.
As can be seen from the above, in the embodiment of the present invention, when a need arises to collect the log file of a new application system or operating system, only a new log knowledge module has to be written and added; the code of the log client and the log server does not need to change, which significantly improves the extensibility and maintainability of the log collection method of the present invention. In addition, the log server of the present invention can update its local log knowledge modules in several ways, so it suits a variety of network environments.
In the log collection method provided by the embodiment of the present invention, the log server obtains at least one log knowledge module; when it receives a query instruction sent by the log client, it returns the number of the log knowledge module to the log client; it receives the acquisition instruction that the log client sends according to that number; according to the acquisition instruction, it returns the log knowledge module to the log client, so that the log client executes the module, parses the log file of the corresponding operating system or application system, and collects the target content information of the log file; and it receives the target content information collected by the log client. This improves the comprehensiveness and applicability of the collected information, and the collection method is simple, which greatly improves collection efficiency.
Fig. 4 is a schematic diagram of the log collection apparatus provided by Embodiment 3 of the present invention. The apparatus may be used to perform the method described in Fig. 1. In Fig. 4, the apparatus includes a reading unit 401, a collecting unit 402 and a transmitting unit 403.
Reading unit 401, configured to read at least one log knowledge module from the log knowledge module list.
Collecting unit 402, configured to execute the log knowledge module read by reading unit 401, parse the log file of the corresponding operating system or application system, and collect the target content information of the log file.
Optionally, the log knowledge module includes one or more target parameters;
collecting unit 402 is specifically configured to:
execute the log knowledge module to parse the log file of the corresponding operating system or application system and obtain a parsing result;
collect, from the parsing result and according to the target parameter, the parameter value of the parameter that matches the target parameter, and use that parameter value as the target content information of the log file.
Optionally, collecting unit 402 is specifically configured to:
execute the log knowledge module periodically; and/or
execute the log knowledge module when the size of the log file exceeds a threshold.
Transmitting unit 403, configured to send the target content information collected by collecting unit 402 to the log server.
Optionally, the apparatus further includes an acquiring unit 404;
Transmitting unit 403, further configured to send a query instruction to the log server, the query instruction instructing the log server to return the number of any updated log knowledge module when it determines that one exists;
Acquiring unit 404, configured to obtain the updated log knowledge module from the log server according to its number.
The updated log knowledge module on the log server is obtained by the log server from the log knowledge module distribution site by calling the application programming interface (API) function of that site; or
the updated log knowledge module on the log server is obtained by the log server from a storage medium.
Optionally, the apparatus further includes a receiving unit 405;
Transmitting unit 403, further configured to send, according to the IP address and listening port of the log server, a test message to the log server that has opened the listening port and enabled listening mode;
Receiving unit 405, configured to receive the acknowledgement message that the log server sends in response to the received test message.
The functions of the functional modules of the apparatus of the embodiment of the present invention can be implemented by the steps of the above method embodiment; the specific working process of the apparatus provided by the present invention is therefore not repeated here.
In the log collection apparatus of the embodiment of the present invention, reading unit 401 reads at least one log knowledge module from the log knowledge module list; collecting unit 402 executes the log knowledge module, parses the log file of the corresponding operating system or application system, and collects the target content information of the log file; transmitting unit 403 sends the collected target content information to the log server. This improves the comprehensiveness and applicability of the collected information, and the collection method is simple, which greatly improves collection efficiency. In addition, the log collection apparatus of the embodiment of the present invention is simple to install and deploy and widely applicable (it can be used on both physical machines and virtual machines).
Fig. 5 is a schematic diagram of the log collection apparatus provided by Embodiment 4 of the present invention. The apparatus may be used to perform the method described in Fig. 3. In Fig. 5, the apparatus includes an acquiring unit 501, a transmitting unit 502 and a receiving unit 503.
Acquiring unit 501, configured to obtain at least one log knowledge module.
Acquiring unit 501 is specifically configured to:
obtain at least one log knowledge module from the log knowledge module distribution site by calling the application programming interface (API) function of that site; or
obtain at least one log knowledge module from a storage medium.
Transmitting unit 502, configured to return the number of the log knowledge module to the log client when a query instruction sent by the log client is received.
Receiving unit 503, configured to receive the acquisition instruction that the log client sends according to the number of the log knowledge module sent by transmitting unit 502.
Transmitting unit 502, further configured to return the log knowledge module to the log client according to the acquisition instruction received by receiving unit 503, so that the log client executes the log knowledge module, parses the log file of the corresponding operating system or application system, and collects the target content information of the log file.
Receiving unit 503, further configured to receive the target content information collected by the log client.
Optionally, the apparatus further includes a start unit 504;
Receiving unit 503, further configured to receive a configuration instruction;
Start unit 504, configured to open a listening port and enable listening mode according to the configuration instruction received by receiving unit 503;
Receiving unit 503, further configured to receive the test message sent by the log client;
Transmitting unit 502, further configured to return an acknowledgement message to the log client according to the test message.
The functions of the functional modules of the apparatus of the embodiment of the present invention can be implemented by the steps of the above method embodiment; the specific working process of the apparatus provided by the present invention is therefore not repeated here.
In the log collection apparatus of the embodiment of the present invention, acquiring unit 501 obtains at least one log knowledge module; transmitting unit 502, when a query instruction sent by the log client is received, returns the number of the log knowledge module to the log client; receiving unit 503 receives the acquisition instruction that the log client sends according to that number; transmitting unit 502, according to the acquisition instruction, returns the log knowledge module to the log client, so that the log client executes the module, parses the log file of the corresponding operating system or application system, and collects the target content information of the log file; receiving unit 503 receives the target content information collected by the log client. This improves the comprehensiveness and applicability of the collected information, and the collection method is simple, which greatly improves collection efficiency. In addition, the log collection apparatus of the embodiment of the present invention is simple to install and deploy and widely applicable (it can be used on both physical machines and virtual machines).
The harvester schematic diagram of the daily record that Fig. 6 provides for the embodiment of the present invention five.As shown in Figure 6, described device comprises: transmitter 601, processor 602 and bus 603, and wherein, transmitter 601 is communicated by bus 603 with processor 602.
For example, processor 602 can be CPU.
Described device can also comprise communication interface 604, and communication interface 604 is connected with processor 602 by bus 603, for communicating with miscellaneous equipment.
The device may further comprise a memory 605, which is also connected to the processor 602 through the system bus 603. The memory 605 may be persistent storage, such as a hard disk drive or flash memory, and holds software modules and device drivers. The software modules can execute the functional modules of the above method of the present invention; the device drivers may be network and interface drivers.
The processor 602 is configured to read at least one log knowledge module from the log knowledge module list.
The processor 602 is further configured to execute the log knowledge module, parse the log file of the corresponding operating system or application system, and collect the target content information of the log file.
The transmitter 601 is configured to send the collected target content information to the log server.
Optionally, the log knowledge module comprises one or more target components.
The processor 602 is specifically configured to: execute the log knowledge module and parse the log file of the corresponding operating system or application system to obtain a parsing result;
and, according to the target components, collect from the parsing result the parameter values of the parameters consistent with the target components, and use those parameter values as the target content information of the log file.
Optionally, executing the log knowledge module comprises:
periodically executing the log knowledge module; and/or,
executing the log knowledge module when the size of the log file is greater than a threshold.
Optionally, the transmitter 601 is further configured to send a query instruction to the log server, where the query instruction instructs the log server, when it determines that an updated log knowledge module exists, to return the number of the updated log knowledge module to the log client.
The processor 602 is further configured to obtain the updated log knowledge module from the log server according to the number of the updated log knowledge module.
The updated log knowledge module on the log server is obtained by the log server from a log knowledge module distribution site by calling an application programming interface (API) function of that site; or,
the updated log knowledge module on the log server is obtained by the log server from a storage medium.
Optionally, the device further comprises a receiver 606.
The transmitter 601 is further configured to send, according to the IP address and listening port of the log server, a test message to the log server that has opened the listening port and enabled listening mode.
The receiver 606 is configured to receive the acknowledgement message that the log server sends in response to the received test message.
The log collection device of this embodiment of the present invention improves the comprehensiveness and applicability of the collected information; the collection method is simple and can greatly improve collection efficiency.
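The client-side flow described above can be sketched as follows; this is an added example, not code from the patent. The module layout (a number, a parsing rule and a tuple of target components), the sshd regular expression, the function names and the sample log lines are all assumptions constructed for illustration.

```python
import os
import re
import tempfile
from dataclasses import dataclass


@dataclass(frozen=True)
class KnowledgeModule:
    """Assumed layout of a log knowledge module; the patent does not define one."""
    number: int               # identifier the log server uses for this module
    pattern: re.Pattern       # parsing rule for one line of the matching log file
    target_components: tuple  # names of the parameters whose values are collected

    def parse(self, text):
        """Parsing result: one dict of named parameters per matching line."""
        results = []
        for line in text.splitlines():
            match = self.pattern.search(line)
            if match:
                results.append(match.groupdict())
        return results

    def collect(self, text):
        """Target content information: only the values named by the target components."""
        return [{name: row[name] for name in self.target_components if name in row}
                for row in self.parse(text)]


# Constructed module for sshd authentication failures (illustration only).
SSHD_MODULE = KnowledgeModule(
    number=7,
    pattern=re.compile(
        r"^(?P<time>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) sshd\[(?P<pid>\d+)\]: "
        r"Failed password for (?:invalid user )?(?P<user>\S+) "
        r"from (?P<src_ip>\S+) port (?P<port>\d+)"),
    target_components=("time", "user", "src_ip"),
)

# Constructed log lines; the addresses come from documentation ranges.
SAMPLE_LOG = (
    "Jul 28 10:01:02 web01 sshd[2211]: Failed password for root "
    "from 203.0.113.5 port 50122 ssh2\n"
    "Jul 28 10:01:05 web01 sshd[2211]: Accepted publickey for deploy "
    "from 198.51.100.7 port 40001 ssh2\n"
    "Jul 28 10:01:09 web01 sshd[2215]: Failed password for invalid user admin "
    "from 203.0.113.5 port 50130 ssh2\n"
)


def is_due(now, last_run, period_s, log_size, size_threshold):
    """Either trigger suffices: the period has elapsed or the file exceeds the threshold."""
    return (now - last_run) >= period_s or log_size > size_threshold


def run_if_due(module, log_path, now, last_run, period_s, size_threshold):
    """Execute the module when a trigger fires; return None when nothing is due."""
    if not is_due(now, last_run, period_s, os.path.getsize(log_path), size_threshold):
        return None
    with open(log_path, encoding="utf-8", errors="replace") as handle:
        return module.collect(handle.read())


def demo():
    """Write the sample log to a temporary file and run the module under both outcomes."""
    with tempfile.NamedTemporaryFile("w", suffix=".log", delete=False) as handle:
        handle.write(SAMPLE_LOG)
        path = handle.name
    try:
        idle = run_if_due(SSHD_MODULE, path, now=100, last_run=90,
                          period_s=60, size_threshold=10_000)
        fired = run_if_due(SSHD_MODULE, path, now=100, last_run=90,
                           period_s=60, size_threshold=100)
    finally:
        os.unlink(path)
    return idle, fired


if __name__ == "__main__":
    idle, fired = demo()
    print("no trigger:", idle)
    for record in fired:
        print(record)  # what the log client would send to the log server
```

The parsing result keeps every named group (host, pid, port included), while only the three target components reach the collected records.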
Fig. 7 is a schematic diagram of the log collection device provided by Embodiment 6 of the present invention. As shown in Fig. 7, the device comprises a receiver 701, a transmitter 702, a processor 703 and a bus 704, where the receiver 701, the transmitter 702 and the processor 703 communicate through the bus 704.
For example, the processor 703 may be a CPU.
The device may further comprise a communication interface 705, which is connected to the processor 703 through the bus 704 and is used to communicate with other devices.
The device may further comprise a memory 706, which is also connected to the processor 703 through the system bus 704. The memory 706 may be persistent storage, such as a hard disk drive or flash memory, and holds software modules and device drivers. The software modules can execute the functional modules of the above method of the present invention; the device drivers may be network and interface drivers.
The receiver 701 is configured to obtain at least one log knowledge module.
Optionally, the receiver 701 is specifically configured to: obtain at least one log knowledge module from a log knowledge module distribution site by calling an application programming interface (API) function of that site; or,
obtain at least one log knowledge module from a storage medium.
The transmitter 702 is configured to return the number of the log knowledge module to the log client when a query instruction sent by the log client is received.
The receiver 701 is further configured to receive the acquisition instruction that the log client sends according to the number of the log knowledge module.
The transmitter 702 is further configured to return the log knowledge module to the log client according to the acquisition instruction, so that the log client executes the log knowledge module, parses the log file of the corresponding operating system or application system, and collects the target content information of the log file.
The transmitter 702 is further configured to receive the target content information collected by the log client.
Optionally, the receiver 701 is further configured to receive a configuration instruction.
The processor 703 is configured to open a listening port and enable listening mode according to the received configuration instruction.
The receiver 701 is further configured to receive the test message sent by the log client.
The transmitter 702 is further configured to return an acknowledgement message to the log client according to the test message.
The log collection device of this embodiment of the present invention improves the comprehensiveness and applicability of the collected information; the collection method is simple and can greatly improve collection efficiency.
Those skilled in the art should further appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of the two. To clearly illustrate the interchangeability of hardware and software, the composition and steps of each example have been described above generally in terms of function. Whether these functions are performed in hardware or in software depends on the specific application and the design constraints of the technical solution. Skilled persons may use different methods to implement the described functions for each specific application, but such implementations should not be considered to go beyond the scope of the present invention.
The steps of the method or algorithm described in connection with the embodiments disclosed herein may be implemented in hardware, in a software module executed by a processor, or in a combination of the two. The software module may reside in random access memory (RAM), internal memory, read-only memory (ROM), electrically programmable ROM, electrically erasable ROM, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The specific embodiments above further describe the objectives, technical solutions and beneficial effects of the present invention. It should be understood that the foregoing are only specific embodiments of the present invention and are not intended to limit its scope of protection; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (18)

1. A log collection method, characterized in that the method comprises:
a log client reading at least one log knowledge module from a log knowledge module list;
executing the log knowledge module, parsing the log file of the corresponding operating system or application system, and collecting target content information of the log file;
sending the collected target content information to a log server.
2. The method according to claim 1, characterized in that the log knowledge module comprises one or more target components;
the executing the log knowledge module, parsing the log file of the corresponding operating system or application system, and collecting target content information of the log file comprises:
executing the log knowledge module and parsing the log file of the corresponding operating system or application system to obtain a parsing result;
according to the target components, collecting from the parsing result the parameter values of the parameters consistent with the target components, and using those parameter values as the target content information of the log file.
3. The method according to claim 1 or 2, characterized in that the executing the log knowledge module comprises:
periodically executing the log knowledge module; and/or,
executing the log knowledge module when the size of the log file is greater than a threshold.
4. The method according to any one of claims 1-3, characterized in that the method further comprises:
sending a query instruction to the log server, where the query instruction instructs the log server, when it determines that an updated log knowledge module exists, to return the number of the updated log knowledge module to the log client;
obtaining the updated log knowledge module from the log server according to the number of the updated log knowledge module.
5. The method according to claim 4, characterized in that the updated log knowledge module on the log server is obtained by the log server from a log knowledge module distribution site by calling an application programming interface (API) function of that site; or,
the updated log knowledge module on the log server is obtained by the log server from a storage medium.
6. The method according to any one of claims 1-5, characterized in that, before the log client reads at least one log knowledge module from the log knowledge module list, the method further comprises:
sending, according to the IP address and listening port of the log server, a test message to the log server that has opened the listening port and enabled listening mode;
receiving the acknowledgement message that the log server sends in response to the received test message.
7. A log collection method, characterized in that the method comprises:
a log server obtaining at least one log knowledge module;
when a query instruction sent by a log client is received, returning the number of the log knowledge module to the log client;
receiving the acquisition instruction that the log client sends according to the number of the log knowledge module;
returning the log knowledge module to the log client according to the acquisition instruction, so that the log client executes the log knowledge module, parses the log file of the corresponding operating system or application system, and collects target content information of the log file;
receiving the target content information collected by the log client.
8. The method according to claim 7, characterized in that the log server obtaining at least one log knowledge module comprises:
obtaining at least one log knowledge module from a log knowledge module distribution site by calling an application programming interface (API) function of that site; or,
obtaining at least one log knowledge module from a storage medium.
9. The method according to claim 7 or 8, characterized in that, before the log server obtains at least one log knowledge module, the method further comprises:
the log server receiving a configuration instruction and, according to the received configuration instruction, opening a listening port and enabling listening mode;
receiving the test message sent by the log client;
returning an acknowledgement message to the log client according to the test message.
10. A log collection device, characterized in that the device comprises: a reading unit, a collecting unit and a sending unit;
the reading unit is configured to read at least one log knowledge module from a log knowledge module list;
the collecting unit is configured to execute the log knowledge module read by the reading unit, parse the log file of the corresponding operating system or application system, and collect target content information of the log file;
the sending unit is configured to send the target content information collected by the collecting unit to a log server.
11. The device according to claim 10, characterized in that the log knowledge module comprises one or more target components;
the collecting unit is specifically configured to:
execute the log knowledge module and parse the log file of the corresponding operating system or application system to obtain a parsing result;
according to the target components, collect from the parsing result the parameter values of the parameters consistent with the target components, and use those parameter values as the target content information of the log file.
12. The device according to claim 10 or 11, characterized in that the collecting unit is specifically configured to:
periodically execute the log knowledge module; and/or,
execute the log knowledge module when the size of the log file is greater than a threshold.
13. The device according to any one of claims 10-12, characterized in that the device further comprises: an acquiring unit;
the sending unit is further configured to send a query instruction to the log server, where the query instruction instructs the log server, when it determines that an updated log knowledge module exists, to return the number of the updated log knowledge module;
the acquiring unit is configured to obtain the updated log knowledge module from the log server according to the number of the updated log knowledge module.
14. The device according to claim 13, characterized in that the updated log knowledge module on the log server is obtained by the log server from a log knowledge module distribution site by calling an application programming interface (API) function of that site; or,
the updated log knowledge module on the log server is obtained by the log server from a storage medium.
15. The device according to any one of claims 10-14, characterized in that the device further comprises: a receiving unit;
the sending unit is further configured to send, according to the IP address and listening port of the log server, a test message to the log server that has opened the listening port and enabled listening mode;
the receiving unit is configured to receive the acknowledgement message that the log server sends in response to the received test message.
16. A log collection device, characterized in that the device comprises: an acquiring unit, a sending unit and a receiving unit;
the acquiring unit is configured to obtain at least one log knowledge module;
the sending unit is configured to return the number of the log knowledge module to a log client when a query instruction sent by the log client is received;
the receiving unit is configured to receive the acquisition instruction that the log client sends according to the number of the log knowledge module sent by the sending unit;
the sending unit is further configured to return the log knowledge module to the log client according to the acquisition instruction received by the receiving unit, so that the log client executes the log knowledge module, parses the log file of the corresponding operating system or application system, and collects target content information of the log file;
the receiving unit is further configured to receive the target content information collected by the log client.
17. The device according to claim 16, characterized in that the acquiring unit is specifically configured to:
obtain at least one log knowledge module from a log knowledge module distribution site by calling an application programming interface (API) function of that site; or,
obtain at least one log knowledge module from a storage medium.
18. The device according to claim 16 or 17, characterized in that the device further comprises: a starting unit;
the receiving unit is further configured to receive a configuration instruction;
the starting unit is configured to open a listening port and enable listening mode according to the configuration instruction received by the receiving unit;
the receiving unit is further configured to receive the test message sent by the log client;
the sending unit is further configured to return an acknowledgement message to the log client according to the test message.
CN201510451557.1A 2015-07-28 2015-07-28 A kind of acquisition method and device of daily record Active CN105141448B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510451557.1A CN105141448B (en) 2015-07-28 2015-07-28 A kind of acquisition method and device of daily record

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510451557.1A CN105141448B (en) 2015-07-28 2015-07-28 A kind of acquisition method and device of daily record

Publications (2)

Publication Number Publication Date
CN105141448A true CN105141448A (en) 2015-12-09
CN105141448B CN105141448B (en) 2018-10-02

Family

ID=54726666

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510451557.1A Active CN105141448B (en) 2015-07-28 2015-07-28 A kind of acquisition method and device of daily record

Country Status (1)

Country Link
CN (1) CN105141448B (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105630650A (en) * 2015-12-25 2016-06-01 北京奇虎科技有限公司 Log processing method, device and system
CN106656619A (en) * 2016-12-30 2017-05-10 郑州云海信息技术有限公司 Linux log management system and method
CN106855888A (en) * 2016-12-29 2017-06-16 北京车智赢科技有限公司 Daily record monitoring system based on Logstash distributed systems
CN108108285A (en) * 2017-12-26 2018-06-01 广东欧珀移动通信有限公司 Log processing method, device, storage medium and terminal device
CN109559181A (en) * 2017-09-26 2019-04-02 北京国双科技有限公司 Order data acquisition method and device
CN110888790A (en) * 2019-11-29 2020-03-17 杭州迪普科技股份有限公司 Log management method and device, electronic equipment and storage medium
CN111526110A (en) * 2019-02-01 2020-08-11 国家计算机网络与信息安全管理中心 Method, device, equipment and medium for detecting unauthorized login of email account
CN115209394A (en) * 2022-05-31 2022-10-18 深圳市广和通无线股份有限公司 Log capture method, device, equipment and storage medium
CN116225854A (en) * 2023-05-05 2023-06-06 北京明易达科技股份有限公司 Method, system, medium and equipment for automatically collecting server log

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1549160A (en) * 2003-05-23 2004-11-24 联想(北京)有限公司 Equipment daily record real-time analyzing system and journal analyzing method based on card technique
US20070239799A1 (en) * 2006-03-29 2007-10-11 Anirudh Modi Analyzing log files
CN101237326A (en) * 2008-02-29 2008-08-06 华为技术有限公司 Method, device and system for real time parsing of device log
CN101277225A (en) * 2008-05-09 2008-10-01 杭州华三通信技术有限公司 Method for analyzing network quality as well as network quality analysis terminal-initiating equipment
CN101515245A (en) * 2008-02-21 2009-08-26 卓望数码技术(深圳)有限公司 Operation log recording method and system
CN103178982A (en) * 2011-12-23 2013-06-26 阿里巴巴集团控股有限公司 Method and device for analyzing log
CN103425750A (en) * 2013-07-23 2013-12-04 国云科技股份有限公司 Cross-platform and cross-application log collecting system and collecting managing method thereof
CN103577443A (en) * 2012-07-30 2014-02-12 中国银联股份有限公司 Log processing system
CN103929329A (en) * 2014-04-14 2014-07-16 百度在线网络技术(北京)有限公司 Log processing and configuration method, configuration server, service end device and system

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1549160A (en) * 2003-05-23 2004-11-24 联想(北京)有限公司 Equipment daily record real-time analyzing system and journal analyzing method based on card technique
US20070239799A1 (en) * 2006-03-29 2007-10-11 Anirudh Modi Analyzing log files
CN101515245A (en) * 2008-02-21 2009-08-26 卓望数码技术(深圳)有限公司 Operation log recording method and system
CN101237326A (en) * 2008-02-29 2008-08-06 华为技术有限公司 Method, device and system for real time parsing of device log
CN101277225A (en) * 2008-05-09 2008-10-01 杭州华三通信技术有限公司 Method for analyzing network quality as well as network quality analysis terminal-initiating equipment
CN103178982A (en) * 2011-12-23 2013-06-26 阿里巴巴集团控股有限公司 Method and device for analyzing log
CN103577443A (en) * 2012-07-30 2014-02-12 中国银联股份有限公司 Log processing system
CN103425750A (en) * 2013-07-23 2013-12-04 国云科技股份有限公司 Cross-platform and cross-application log collecting system and collecting managing method thereof
CN103929329A (en) * 2014-04-14 2014-07-16 百度在线网络技术(北京)有限公司 Log processing and configuration method, configuration server, service end device and system

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105630650A (en) * 2015-12-25 2016-06-01 北京奇虎科技有限公司 Log processing method, device and system
CN106855888A (en) * 2016-12-29 2017-06-16 北京车智赢科技有限公司 Daily record monitoring system based on Logstash distributed systems
CN106855888B (en) * 2016-12-29 2020-12-22 北京车智赢科技有限公司 Log monitoring system based on Logstash distributed system
CN106656619A (en) * 2016-12-30 2017-05-10 郑州云海信息技术有限公司 Linux log management system and method
CN109559181A (en) * 2017-09-26 2019-04-02 北京国双科技有限公司 Order data acquisition method and device
CN108108285A (en) * 2017-12-26 2018-06-01 广东欧珀移动通信有限公司 Log processing method, device, storage medium and terminal device
CN111526110A (en) * 2019-02-01 2020-08-11 国家计算机网络与信息安全管理中心 Method, device, equipment and medium for detecting unauthorized login of email account
CN111526110B (en) * 2019-02-01 2024-02-27 国家计算机网络与信息安全管理中心 Method, device, equipment and medium for detecting unauthorized login of email account
CN110888790A (en) * 2019-11-29 2020-03-17 杭州迪普科技股份有限公司 Log management method and device, electronic equipment and storage medium
CN110888790B (en) * 2019-11-29 2024-02-27 杭州迪普科技股份有限公司 Log management method and device, electronic equipment and storage medium
CN115209394A (en) * 2022-05-31 2022-10-18 深圳市广和通无线股份有限公司 Log capture method, device, equipment and storage medium
CN116225854A (en) * 2023-05-05 2023-06-06 北京明易达科技股份有限公司 Method, system, medium and equipment for automatically collecting server log

Also Published As

Publication number Publication date
CN105141448B (en) 2018-10-02


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20200417

Address after: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen

Patentee after: HUAWEI TECHNOLOGIES Co.,Ltd.

Address before: Room 301, building a, building 3, No. 301, Binxing Road, Binjiang District, Shenzhen City, Guangdong Province

Patentee before: Huawei Technologies Co.,Ltd.

TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20220210

Address after: 550025 Huawei cloud data center, jiaoxinggong Road, Qianzhong Avenue, Gui'an New District, Guiyang City, Guizhou Province

Patentee after: Huawei Cloud Computing Technology Co.,Ltd.

Address before: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen

Patentee before: HUAWEI TECHNOLOGIES Co.,Ltd.

TR01 Transfer of patent right