CN106878029B - A kind of network data auditing system and method - Google Patents

A kind of network data auditing system and method Download PDF

Info

Publication number
CN106878029B
CN106878029B CN201510924912.2A CN201510924912A CN106878029B CN 106878029 B CN106878029 B CN 106878029B CN 201510924912 A CN201510924912 A CN 201510924912A CN 106878029 B CN106878029 B CN 106878029B
Authority
CN
China
Prior art keywords
audit
data
log
management module
unit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510924912.2A
Other languages
Chinese (zh)
Other versions
CN106878029A (en
Inventor
刘永强
王先高
沈智杰
景晓军
唐新民
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
SURFILTER NETWORK TECHNOLOGY Co Ltd
Original Assignee
SURFILTER NETWORK TECHNOLOGY Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by SURFILTER NETWORK TECHNOLOGY Co Ltd filed Critical SURFILTER NETWORK TECHNOLOGY Co Ltd
Priority to CN201510924912.2A priority Critical patent/CN106878029B/en
Publication of CN106878029A publication Critical patent/CN106878029A/en
Application granted granted Critical
Publication of CN106878029B publication Critical patent/CN106878029B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/02Details
    • H04L12/14Charging, metering or billing arrangements for data wireline or wireless communications
    • H04L12/1403Architecture for metering, charging or billing
    • H04L12/1407Policy-and-charging control [PCC] architecture
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/02Details
    • H04L12/14Charging, metering or billing arrangements for data wireline or wireless communications
    • H04L12/141Indication of costs
    • H04L12/1421Indication of expected costs
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W28/00Network traffic management; Network resource management
    • H04W28/02Traffic management, e.g. flow control or congestion control
    • H04W28/0205Traffic management, e.g. flow control or congestion control at the air interface
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/24Accounting or billing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W84/00Network topologies
    • H04W84/02Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10Small scale networks; Flat hierarchical networks
    • H04W84/12WLAN [Wireless Local Area Networks]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Debugging And Monitoring (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention provides a kind of network data auditing system, the network data that multiple AP equipment are analysed to respectively carries out shallow parsing and forms shallow parsing data;Shallow parsing data and deep parsing data are assigned in audit cluster unit by master management unit by two different transmission channels;Cluster unit of auditing carries out drastic reduction analysis to the shallow parsing data and deep parsing data, and generates audit log and log information queue;Storage cluster unit stores the audit log and log information queue;It reports cluster unit to monitor the log information queue of the storage cluster unit, and after the description information for getting the audit log to be reported, reports format that the audit log is reported to the data center according to data center.The present invention also provides corresponding methods.Network data auditing system and method for the invention is realized by three levels, realizes and separate on logically and physically have the characteristics of high-performance and enhanced scalability between level and level.

Description

A kind of network data auditing system and method
Technical field
The present invention relates to technical field of data processing, more specifically to a kind of network data auditing system and method.
Background technique
WiFi wireless network has become many public place standard auxiliary facilities, provides for public place client free Service on net.Tradition carries out the audit of data image mode based on single-point place, cannot solve audit log and access terminals very well Incidence relation, at high cost, deployment is complicated;In addition, it is directly forwarded to audit server based on audit place raw data packets, though So can directly audit the initial data of front end, but raw data packets increase legacy network bandwidth, affect normal online.
Summary of the invention
The technical problem to be solved in the present invention is that being examined for open place WLAN wireless network data in the prior art The drawbacks described above of meter provides a kind of network data auditing system and method.
There is provided a kind of network data auditing system, the system packets for technical proposal that the invention solves the above-mentioned problems It includes:
Multiple AP equipment, the network data for being analysed to respectively carry out shallow parsing and form shallow parsing data, will be described Shallow parsing data and deep parsing data are transferred to master management unit;
Master management unit is connect with the multiple AP equipment, for passing through the shallow parsing data and deep parsing data Two different transmission channels are assigned in audit cluster unit;
The audit cluster unit, connect with the master management unit, for respectively to shallow parsing data and described Deep parsing data carry out drastic reduction analysis, and generate audit log and log information queue;
Storage cluster unit is connect with the audit cluster unit, is used for the audit log and log information queue It is stored;
Cluster unit is reported, is connect with the storage cluster unit, the log for monitoring the storage cluster unit disappears Queue is ceased, and after the description information for getting the audit log to be reported, reports format by institute according to data center It states audit log and is reported to the data center.
In above-mentioned network data auditing system, the master management unit includes load balancer, and the load balancer is used Data transmission channel is parsed with deep in establishing shallow parsing data transmission channel respectively according to load-balancing algorithm.
In above-mentioned network data auditing system, the audit cluster unit includes multiple audit hosts, each audit The nodal function of host is identical, and each audit host includes at shallow parsing data processing module and deep parsing data Module is managed, wherein the shallow parsing data processing module is used to carry out regression analysis to the shallow parsing data, and generates audit Log and log information queue;The deep parsing data processing module is used to carry out secondary parsing to the deep parsing data, and Generate audit log and log information queue.
In above-mentioned network data auditing system, the storage cluster unit includes multiple memory databases, each described interior Deposit data library is identical, and each memory database is for depositing the audit log and log information queue Storage;
It is described report cluster unit include it is multiple report host, it is the multiple report host respectively with the storage cluster list The multiple memory database of member corresponds.
In above-mentioned network data auditing system, master management unit further includes audit cluster management module, storage cluster management Module and cluster management module is reported, the audit host is connect with the audit cluster management module, the internal storage data Library is connect with the storage cluster management module, described that host is reported to report cluster management module to connect with described, in which: described Cluster management module of auditing is for registering audit host node;The storage cluster management module is for registering memory database section Point;It is described that cluster management module is reported to report between node and the AP equipment and the data center for registration data Corresponding relationship;
The audit cluster management module is also used to execute expanded configuration operation so that the audit host is opened according to business Exhibition situation is smoothly extended;The storage cluster management module is also used to execute expanded configuration operation so that the internal storage data Support smooth extension in library.
The present invention also provides a kind of network data auditing methods, are applied to network data auditing system, the system packet It includes multiple AP equipment, master management unit, audit cluster unit, storage cluster unit and reports cluster unit;The method packet It includes:
The network data that S1, multiple AP equipment are analysed to respectively carries out shallow parsing and forms shallow parsing data, will be described shallow Parsing data and deep parsing data are transferred to master management unit;
The shallow parsing data and the deep parsing data are passed through two different transmission channels point by S2, master management unit It is fitted in audit cluster unit;
S3, audit cluster unit carry out drastic reduction analysis to the shallow parsing data and the deep parsing data respectively, And generate audit log and log information queue.
S4, storage cluster unit store the audit log and log information queue;
S5, cluster unit is reported to monitor the log information queue of the storage cluster unit, and to be reported getting After the description information of the audit log, format is reported to be reported to the audit log in the data according to data center The heart.
In above-mentioned network data auditing method, the step S2 further include: load balancer is according to load-balancing algorithm point Data transmission channel and deep parsing data transmission channel Jian Li not be parsed shallowly.
In above-mentioned network data auditing method, in the step S3, the audit cluster unit includes multiple audit masters The nodal function of machine, each audit host is identical, and each audit host includes shallow parsing data processing mould Block and deep parsing data processing module, wherein the shallow parsing data processing module is for restoring the shallow parsing data Analysis, and generate audit log;The deep parsing data processing module is used to carry out secondary parsing to the deep parsing data, and Generate audit log.
In above-mentioned network data auditing method, in the step S4, the storage cluster unit includes multiple memory numbers According to library, each memory database is identical, and each memory database disappears for the audit log and log Breath queue is stored;
In the step S5, it is described report cluster unit include it is multiple report host, it is the multiple that host is reported to distinguish It is corresponded with the multiple memory database of the storage cluster unit.
In above-mentioned network data auditing method, the master management unit further includes audit cluster management module, storage cluster Management module and cluster management module is reported, the audit host is connect with the audit cluster management module, the memory Database is connect with the storage cluster management module, described that host is reported to report cluster management module to connect with described, in which: The audit cluster management module is for registering audit host node;The storage cluster management module is for registering internal storage data Library node;It is described report cluster management module for registration data report node and the AP equipment and the data center it Between corresponding relationship;The method also includes:
The audit cluster management module executes expanded configuration and operates so that audit host is carried out according to business development situation Smooth extension;
The storage cluster management module executes expanded configuration and operates so that memory database supports smooth extension.
The beneficial effect of network data auditing system and method for the invention has:
First, the transmission of basic user behaviors log data is carried out by shallowly parsing data transmission channel, and parse number by deep The transmission for needing the data of secondary parsing is realized according to transmission channel, transmission mode obviously optimizes, and bandwidth occupancy is small, ensure that audit effect Fruit also reaches the purpose for saving bandwidth;
Second, multiple memory databases of storage cluster administrative unit are physically independent from each other, logically group At a memory database storage cluster, unified memory database production and consumption interface is externally provided, in this way wait audit The memory database production and consumption interface that data can call this unified after the processing for host of auditing, at this point, total data It is to complete read-write operation in memory, read-write efficiency is high;
Third, audit host can dynamically realize smooth extension according to business development situation, complete in master management unit Corresponding expanded configuration operation, meanwhile, support the smooth extension of memory database correspondingly to complete phase in master management unit The expanded configuration operation answered;
4th, it reports host to monitor the log information queue in corresponding memory database, passes through log information team Column, which obtain, needs the Audit data that reports, each reports host between each other and be independent, will not influence each other, ensure that data The stability that reports and efficiently.
Detailed description of the invention
Fig. 1 is the structural schematic diagram of network data auditing system embodiment of the invention.
Fig. 2 is the flow chart of network data auditing method embodiment of the invention.
Specific embodiment
In order to make the objectives, technical solutions, and advantages of the present invention clearer, with reference to the accompanying drawings and embodiments, right The present invention is further elaborated.It should be appreciated that described herein, specific examples are only used to explain the present invention, not For limiting the present invention.
As shown in Figure 1, being the structural schematic diagram of network data auditing system embodiment of the invention.With reference to Fig. 1, the system Including multiple AP equipment, master management unit, audit and report cluster unit at cluster unit, storage cluster unit, wherein multiple AP equipment is connect with master management unit respectively, and audit cluster unit is connect with master management unit, and storage cluster unit and audit collect Group unit connection.
The network data that multiple AP equipment are analysed to respectively carries out shallow parsing and forms shallow parsing data, wherein shallow parsing Data are the basic user behaviors log of AP equipment, and the deep data that parse are secondary resolution file to be resolved.AP equipment is shallow by this later Parsing data and deep parsing data are transferred to master management unit.
Master management unit is used to for shallow parsing data and deep parsing data being assigned to by two different transmission channels careful It counts in cluster unit.Wherein, master management unit includes load balancer, which is used for according to load-balancing algorithm point Data transmission channel and deep parsing data transmission channel Jian Li not be parsed shallowly.
Cluster unit of auditing is used to carry out drastic reduction analysis to shallow parsing data and deep parsing data, and generates audit day Will.Specifically, which includes multiple audit hosts, and the nodal function of each audit host is identical, each Host of auditing is used to carry out shallow parsing data regression analysis, and carries out secondary parsing to deep parsing data, and generate audit day Will.In the present embodiment, shallow parsing data and deep parsing data are assigned on audit host by master management unit.Further, Each audit host includes shallow parsing data processing module and deep parsing data processing module, and the shallow data processing module that parses is used for Regression analysis is carried out to shallow parsing data, and generates audit log and log information queue, it is deep to parse data processing module difference For carrying out secondary parsing to deep parsing data, and generate audit log and log information queue.For example, shallowly parsing data Processing module first unzips it shallow parsing data;Then, the corresponding audit word of the predetermined format is extracted according to predetermined format Section;Finally, the data center's list that need to be reported according to the Audit data of AP equipment, is sequentially written in audit log for audit field In, and then generate audit log.
Storage cluster unit is for storing audit log and log information queue, specifically, the storage cluster list Member include multiple memory databases, each memory database be it is identical, multiple memory database externally provides unified number According to production and data consumption interface, each memory database is for storing audit log and log information queue, wherein The storage location of audit log uses hash algorithm, and therefore, multiple memory database is physically independent from each other, and is being patrolled A memory database storage cluster is constituted on volume.The expression formula of the hash algorithm are as follows: Hash is (during AP [MAC]+data report Heart coding+Log Types);The element of log information queue includes that (AP [MAC]+data report centre code+Log Types to List | log ID).The storage cluster unit further includes virtual memory database access interface, the virtual memory database access interface For providing a listening port, and safeguard the practical connection and heartbeat detection with multiple memory databases.
Report cluster unit for monitoring storage cluster unit, and in the description information for getting audit log to be reported Afterwards, report format that audit log is reported to data center according to data center.Specifically, it includes multiple for reporting cluster unit Host is reported, it is multiple that host is reported to correspond respectively with multiple memory databases of storage cluster unit.In the present embodiment, By independently separating to obtain the audit log in description information and memory database, avoids directly to transmit in description information and examine Log is counted, the transmission efficiency of description information is improved, meanwhile, host is reported by multiple, individual data center can realize audit The multi-process of log, the parallel of multithreading report, moreover, each reporting host is independent parallel, do not influence between each other, Guarantee stability that data report and efficiently.
In an embodiment of the present invention, audit cluster unit, storage cluster unit and report cluster unit also respectively with Master management unit connection.Master management unit is also used to register audit host node, memory database node, data report node with And the corresponding relationship between AP equipment and data center.Further, audit host can be real according to business development situation dynamic Now smooth extension, accordingly, master management unit are also used to execute expanded configuration and operate so that audit host carries out feelings according to business Condition is smoothly extended.Master management unit is also used to execute expanded configuration and operates so that memory database supports smooth extension.Tool Body, master management unit further includes audit cluster management module, storage cluster management module and reports cluster management module, is examined Meter host is connect with audit cluster management module, and memory database is connect with storage cluster management module, is reported host and is reported Cluster management module connection, wherein audit cluster management module is used for registering audit host node, storage cluster management module In registration memory database node, cluster management module is reported to report node and AP equipment and data center for registration data Between corresponding relationship.Audit cluster management module is also used to execute expanded configuration and operates so that audit host is carried out according to business Situation is smoothly extended;Storage cluster management module is also used to execute expanded configuration and operates so that memory database is supported smoothly Extension.
As shown in Fig. 2, being the flow chart of network data auditing method embodiment of the invention, the network data auditing method Applied in above-mentioned network data auditing system.With reference to Fig. 2, method includes the following steps:
The network data that S10, multiple AP equipment are analysed to respectively carries out shallow parsing and forms shallow parsing data;
S20, master management unit distribute the shallow parsing data and deep parsing data by two different transmission channels Onto audit cluster unit;
S30, audit cluster unit carry out drastic reduction analysis to the shallow parsing data and the deep parsing data respectively, And generate audit log and log information queue;
S40, storage cluster unit store the audit day and log information queue will;
S50, cluster unit is reported to monitor the log information queue of the storage cluster unit, and to be reported getting After the description information of the audit log, format is reported to be reported to the audit log in the data according to data center The heart.
In above-mentioned steps S20, master management unit includes load balancer, which is used for according to load balancing Algorithm establishes shallow parsing data transmission channel and deep parsing data transmission channel respectively.
In above-mentioned steps S30, which includes multiple audit hosts, the nodal function of each audit host Identical, each audit host is used to carry out shallow parsing data regression analysis, and carries out secondary solution to deep parsing data Analysis, and audit log and log information queue are generated respectively.In the present embodiment, master management unit will shallowly parse data and deep solution Analysis data are assigned on audit host.Further, each audit host includes shallow parsing data processing module and deep parsing number According to processing module, the shallow data processing module that parses is used to carry out regression analysis to shallow parsing data, and generates audit log and day Will message queue, the deep data processing module that parses is respectively used to carry out secondary parsing to deep parsing data, and generates audit log And log information queue.For example, shallowly parsing data processing module first unzips it shallow parsing data;Then, according to Predetermined format extracts the corresponding audit field of the predetermined format;Finally, in the data that need to be reported according to the Audit data of AP equipment Audit field is sequentially written in audit log, and then generates audit log by heart list.
In above-mentioned steps S40, which includes multiple memory databases, and each memory database is identical , multiple memory database externally provides unified data production and data consumption interface, and each memory database is used for will Audit log and log information queue are stored, wherein the storage location of audit log uses hash algorithm, and therefore, this is more A memory database is physically independent from each other, and logically constitutes a memory database storage cluster.The Hash The expression formula of algorithm are as follows: Hash (AP [MAC]+data report centre code+Log Types);The element of log information queue includes List (AP [MAC]+data report centre code+Log Types | log ID).The storage cluster unit further includes virtual memory number According to library access interface, which safeguards and multiple memory numbers for providing a listening port According to the practical connection in library and heartbeat detection.
In above-mentioned steps S50, report cluster unit include it is multiple report host, it is multiple that host is reported to collect respectively with storage Multiple memory databases of group unit correspond.In the present embodiment, by independently separating to obtain description information and memory Audit log in database, avoids and directly transmits audit log in description information, improves the transmission efficiency of description information, Meanwhile host is reported by multiple, individual data center can realize that the multi-process of audit log, the parallel of multithreading report, and And each reporting host is independent parallel, is not influenced between each other, guarantees stability that data report and efficiently.
In an embodiment of the present invention, master management unit is also used to register audit host node, memory storage node, data Report the corresponding relationship between node and AP equipment and data center.Further, audit host can be carried out according to business Situation dynamic implement smoothly extends, accordingly, master management unit be also used to execute expanded configuration operate so that audit host according to Business development situation is smoothly extended.Master management unit is also used to execute expanded configuration operation so that memory database Zhi Chiping Sliding extension.Specifically, master management unit further includes audit cluster management module, storage cluster management module and reports cluster pipe Module is managed, audit host is connect with audit cluster management module, and memory database is connect with storage cluster management module, reports master Machine is connect with cluster management module is reported, wherein audit cluster management module is for registering audit host node, storage cluster pipe Reason module for registering memory database node, report cluster management module for registration data report node and AP equipment with Corresponding relationship between data center.Further, this method further include:
Cluster management module of auditing executes expanded configuration and operates so that audit host is smooth according to business development situation progress Extension;
Storage cluster management module executes expanded configuration and operates so that memory database supports smooth extension.
Summary, network data auditing system of the invention and method are realized by three levels, are respectively audited, are stored With report, realize and separate on logically and physically have the characteristics of high-performance and enhanced scalability, specifically between level and level Beneficial effect has:
First, the transmission of basic user behaviors log data is carried out by shallowly parsing data transmission channel, and parse number by deep The transmission for needing the data of secondary parsing is realized according to transmission channel, transmission mode obviously optimizes, and bandwidth occupancy is small, ensure that audit effect Fruit also reaches the purpose for saving bandwidth;
Second, multiple memory databases of storage cluster administrative unit are physically independent from each other, logically group At a memory database storage cluster, unified memory database production and consumption interface is externally provided, in this way wait audit The memory database production and consumption interface that data can call this unified after the processing for host of auditing, at this point, total data It is to complete read-write operation in memory, read-write efficiency is high;
Third, audit host can dynamically realize smooth extension according to business development situation, complete in master management unit Corresponding expanded configuration operation, meanwhile, support the smooth extension of memory database correspondingly to complete phase in master management unit The expanded configuration operation answered;
4th, it reports host to monitor the log information queue in corresponding memory database, passes through log information team Column, which obtain, needs the Audit data that reports, each reports host between each other and be independent, will not influence each other, ensure that data The stability that reports and efficiently.
The foregoing is only a preferred embodiment of the present invention, but scope of protection of the present invention is not limited thereto, In the technical scope disclosed by the present invention, any changes or substitutions that can be easily thought of by anyone skilled in the art, It should be covered by the protection scope of the present invention.Therefore, protection scope of the present invention should be with scope of protection of the claims Subject to.

Claims (10)

1. a kind of network data auditing system, which is characterized in that the system comprises:
Multiple AP equipment, the network data for being analysed to respectively carry out shallow parsing and form shallow parsing data, and will be described shallow Parsing data and deep parsing data are transferred to master management unit, and the shallow parsing data are the basic user behaviors log of AP equipment, institute Stating deep parsing data is secondary resolution file to be resolved;
The master management unit is connect with the multiple AP equipment, is used for the shallow parsing data and the deep parsing data It is assigned in audit cluster unit by two different transmission channels;
The audit cluster unit, connect with the master management unit, for respectively to the shallow parsing data and the deep solution It analyses data and carries out drastic reduction analysis, and generate audit log and log information queue;
Storage cluster unit is connect with the audit cluster unit, for carrying out the audit log and log information queue Storage;
Cluster unit is reported, is connect with the storage cluster unit, for monitoring the log information team of the storage cluster unit Column, and after the description information for getting the audit log to be reported, report format to examine described according to data center Meter log is reported to the data center.
2. network data auditing system according to claim 1, which is characterized in that the master management unit includes load Balanced device, the load balancer for establishing shallow parsing data transmission channel and deep parsing number according to load-balancing algorithm respectively According to transmission channel.
3. network data auditing system according to claim 1, which is characterized in that the audit cluster unit includes more The nodal function of a audit host, each audit host is identical, and each audit host includes shallow parsing number According to processing module and deep parsing data processing module, wherein the shallow parsing data processing module is used for the shallow parsing data Regression analysis is carried out, and generates audit log and log information queue;The deep parsing data processing module is used for the depth It parses data and carries out secondary parsing, and generate audit log and log information queue.
4. network data auditing system according to claim 1, which is characterized in that the storage cluster unit includes more A memory database, each memory database is identical, and each memory database was used for the audit day Will and log information queue are stored;
It is described report cluster unit include it is multiple report host, it is the multiple report host respectively with the storage cluster unit The multiple memory database corresponds.
5. network data auditing system according to claim 4, which is characterized in that master management unit further includes audit collection Group and reports cluster management module at management module, storage cluster management module, the audit host and the audit cluster pipe Module connection is managed, the memory database is connect with the storage cluster management module, described to report host and the report set Group's management module connection, in which: the audit cluster management module is for registering audit host node;The storage cluster management Module is for registering memory database node;It is described that cluster management module is reported to report node and the AP for registration data Corresponding relationship between equipment and the data center;
The audit cluster management module is also used to execute expanded configuration and operates so that the audit host carries out feelings according to business Condition is smoothly extended;The storage cluster management module is also used to execute expanded configuration operation so that the memory database branch Maintain an equal level sliding extension.
6. a kind of network data auditing method is applied to network data auditing system, which is characterized in that the system comprises multiple AP equipment, master management unit, audit and report cluster unit at cluster unit, storage cluster unit;The described method includes:
The network data that S1, multiple AP equipment are analysed to respectively carries out shallow parsing and forms shallow parsing data, by the shallow parsing Data and deep parsing data are transferred to the master management unit, and the shallow parsing data are the basic user behaviors log of AP equipment, institute Stating deep parsing data is secondary resolution file to be resolved;
The shallow parsing data and the deep parsing data are passed through two different transmission channels point by S2, the master management unit It is fitted in audit cluster unit;
S3, audit cluster unit carry out drastic reduction analysis to the shallow parsing data and the deep parsing data respectively, and raw At audit log and log information queue;
S4, storage cluster unit store the audit log and log information queue;
S5, report cluster unit to monitor the log information queue of the storage cluster unit, and get it is to be reported described in After the description information of audit log, report format that the audit log is reported to the data center according to data center.
7. network data auditing method according to claim 6, which is characterized in that the step S2 further include: load Balanced device establishes shallow parsing data transmission channel and deep parsing data transmission channel according to load-balancing algorithm respectively.
8. network data auditing method according to claim 6, which is characterized in that in the step S3, described to examine Counting cluster unit includes multiple audit hosts, and the nodal function of each audit host is identical, and each audit Host includes shallow parsing data processing module and deep parsing data processing module, wherein the shallow parsing data processing module is used for Regression analysis is carried out to the shallow parsing data, and generates audit log;The deep parsing data processing module is used for described Deep parsing data carry out secondary parsing, and generate audit log.
9. network data auditing method according to claim 6, which is characterized in that described to deposit in the step S4 Preserving group unit includes multiple memory databases, and each memory database is identical, and each memory database It is stored for the audit log and log information queue;
In the step S5, it is described report cluster unit include it is multiple report host, it is the multiple report host respectively with institute The multiple memory database for stating storage cluster unit corresponds.
10. network data auditing method according to claim 9, which is characterized in that the master management unit further includes examining It counts cluster management module, storage cluster management module and reports cluster management module, the audit host and the audit collect Group's management module connection, the memory database connect with the storage cluster management module, it is described report host with it is described on Report the connection of cluster management module, in which: the audit cluster management module is for registering audit host node;The storage cluster Management module is for registering memory database node;It is described that cluster management module is reported to report node and institute for registration data State the corresponding relationship between AP equipment and the data center;The method also includes:
The audit cluster management module executes expanded configuration and operates so that audit host carries out smoothly according to business development situation Extension;
The storage cluster management module executes expanded configuration and operates so that memory database supports smooth extension.
CN201510924912.2A 2015-12-14 2015-12-14 A kind of network data auditing system and method Active CN106878029B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510924912.2A CN106878029B (en) 2015-12-14 2015-12-14 A kind of network data auditing system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510924912.2A CN106878029B (en) 2015-12-14 2015-12-14 A kind of network data auditing system and method

Publications (2)

Publication Number Publication Date
CN106878029A CN106878029A (en) 2017-06-20
CN106878029B true CN106878029B (en) 2019-11-22

Family

ID=59178335

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510924912.2A Active CN106878029B (en) 2015-12-14 2015-12-14 A kind of network data auditing system and method

Country Status (1)

Country Link
CN (1) CN106878029B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107609114B (en) * 2017-09-13 2021-05-28 Oppo广东移动通信有限公司 Log information reporting method and device, storage medium, ADSP and terminal
CN110719282B (en) * 2019-10-10 2021-10-29 国网山东省电力公司信息通信公司 Authentication dual-active system based on unified authority
CN113342849A (en) * 2021-05-28 2021-09-03 百果园技术(新加坡)有限公司 Data auditing method and device, electronic equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1996876A (en) * 2006-06-30 2007-07-11 深圳市中科新业信息科技发展有限公司 Distributed audit system
CN103152352A (en) * 2013-03-15 2013-06-12 北京邮电大学 Perfect information security and forensics monitoring method and system based on cloud computing environment
JP2013238957A (en) * 2012-05-14 2013-11-28 Hitachi Solutions Ltd Auditing result analysis system and auditing result analysis method
CN103618652A (en) * 2013-12-17 2014-03-05 沈阳觉醒软件有限公司 Audit and depth analysis system and audit and depth analysis method of business data

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1996876A (en) * 2006-06-30 2007-07-11 深圳市中科新业信息科技发展有限公司 Distributed audit system
JP2013238957A (en) * 2012-05-14 2013-11-28 Hitachi Solutions Ltd Auditing result analysis system and auditing result analysis method
CN103152352A (en) * 2013-03-15 2013-06-12 北京邮电大学 Perfect information security and forensics monitoring method and system based on cloud computing environment
CN103618652A (en) * 2013-12-17 2014-03-05 沈阳觉醒软件有限公司 Audit and depth analysis system and audit and depth analysis method of business data

Also Published As

Publication number Publication date
CN106878029A (en) 2017-06-20

Similar Documents

Publication Publication Date Title
CN104380693B (en) System and method for dynamic routing in the cluster
CN104620539B (en) System and method for supporting SNMP requests by cluster
CN104364761B (en) For the system and method for the converting flow in cluster network
CN104778188B (en) A kind of distributed apparatus log collection method
KR102082355B1 (en) Processing Techniques for Large Network Data
US8730819B2 (en) Flexible network measurement
CN104365067B (en) System and method for recombinating the grouping distributed across cluster
CN103609071B (en) Systems and methods for tracking application layer flow via a multi-connection intermediary device
CN104904160B (en) For the system and method for the application stream of data flow
US8694627B2 (en) Method and apparatus for correlating end to end measurements through control plane monitoring of wireless traffic
CN107528870B (en) A kind of collecting method and its equipment
CN102123044B (en) Detection device and method of network topology consistency based on topology discovery technology
US10659334B2 (en) Methods, systems, and computer program products for distributed packet traffic performance analysis in a communication network
CN106878029B (en) A kind of network data auditing system and method
CN104184659B (en) A kind of method and apparatus for being used to obtain packet in network
CN104869155B (en) Data Audit method and device
US9674728B2 (en) Method and apparatus for managing a degree of parallelism of streams
CN104539689B (en) A kind of resource monitoring method under cloud platform
US20230283556A1 (en) Collecting, processing, and distributing telemetry data
CN109933431A (en) A kind of intelligent client load equalization methods and system
CN110301119A (en) Improve the system and method for computer network performance for the multiplexing application-level flow for network flow
CN107766207A (en) Distributed automatic monitoring method, system, computer-readable recording medium and terminal device
US20220321445A1 (en) System and method for monitoring network performance
CN108464031B (en) The redundancy based on database in telecommunication network
US20120159109A1 (en) Method and apparatus for improving non-uniform memory access

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant