CN107707415A - A kind of automatic monitoring of server configuration and alarm method based on SaltStack - Google Patents
A kind of automatic monitoring of server configuration and alarm method based on SaltStack Download PDFInfo
- Publication number
- CN107707415A CN107707415A CN201711183370.3A CN201711183370A CN107707415A CN 107707415 A CN107707415 A CN 107707415A CN 201711183370 A CN201711183370 A CN 201711183370A CN 107707415 A CN107707415 A CN 107707415A
- Authority
- CN
- China
- Prior art keywords
- configuration
- server
- saltstack
- content
- client
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L51/00—User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
- H04L51/42—Mailbox-related aspects, e.g. synchronisation of mailboxes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/2866—Architectures; Arrangements
- H04L67/30—Profiles
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Debugging And Monitoring (AREA)
- Information Transfer Between Computers (AREA)
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides a kind of automatic monitoring of server configuration based on SaltStack and alarm method, including:The server being managed periodically is dispatched by timed task scheduling tool, performs SaltStack Client commands;SaltStack client request SaltStack service ends, expected configuration is pulled, and contrasted with the actual disposition file on current server, return to the json format differences results of configuration and expected configuration on current server;Configuration variance analysis program is by reading result;The change state and the content write-in message queue of all change files that will determine that;Safeguard the profile list and affiliated director and mailbox message in configuration monitoring end;Read queue content in configuration monitoring end;By changing state value, if content alteration, then client and changed content are sent into alarm email to keeper.The present invention solves the safety and reliability of aol server configuration file, in the case of ensureing that file or is tampered the modification of mistake, can monitor and alert in time.
Description
Technical field
The present invention relates to each system-based configuration and service field of configuration, particularly one kind on server node to be based on
The SaltStack automatic monitoring of server configuration and alarm method.
Background technology
In order to ensure server normal operation, it is necessary to each system-based configuration file, service aid to server
Configuration file of configuration file and service code etc. is managed and safeguarded, to prevent the configuration of operating personnel's bug patch from leading
Cause server operation troubles or business to go wrong, be also possible to prevent server and be hacked and distort configuration file etc..
Traditional server configuration is mainly manual administration and maintenance, in deployment and follow-up maintenance, if configuration change,
Need to configure by platform manual modification.Occurred some server configuration management tools, such as SaltStack in recent years, it is to pass through
The mode of configuration template is write, the configuration for needing to be managed well is predefined in SlatStack service ends, then by periodically manual
The command tools (salt-call orders) that SaltStack is provided are performed, by machine (client on predefined expected configuration and line
End) actual disposition contrast, do not do any operation if no difference;If variant with the configuration of machine on line,
Changed content can be exported under test pattern.
Although having server configuration management tool as such as SaltStack at present, their core concern
Point is all the management to configuration, i.e., actual disposition on line is updated into expected configuration, facilitates the renewal and maintenance of batch.For
The monitoring of configuration and alert this block, then do not provide, during per secondary inspection, it is necessary to manually operation performs order, then wait is returned
Return result;Lead to not the configuration to mistake to know and correct in time, in addition if machine is hacked after, file is tampered, newly
Increasing or deleting can not also know in time.
SaltStack:It is the configuration management tool of a C/S structure, it is managed by writing configuration template in service end
Client can perform Client command (salt-call) installation specified services, renewal client-server on specify match somebody with somebody
Put and show changed content, the operation such as cryptographic Hash of documents.
Timed task scheduling tool:Periodically perform the instrument for specifying order, such as cron command tools specifically can be with
With reference to https://zh.wikipedia.org/zh-hans/Cron.
Message queue:One end produces data write-in message queue, other end consumption (reading) data, and ensure data can
By property and uniformity, such as kafka instruments, https is specifically referred to://zh.wikipedia.org/wiki/Kafka.
json:A kind of text mark up language, facilitate program to read and use data.
The content of the invention
The technical problems to be solved by the invention be to provide a kind of automatic monitoring of server configuration based on SaltStack with
Alarm method, solve the safety and reliability of aol server configuration file, ensure file by the modification of mistake or usurped
In the case of changing, it can monitor and alert in time.
In order to solve the above technical problems, the technical solution adopted by the present invention is:
A kind of automatic monitoring of server configuration and alarm method based on SaltStack, comprise the following steps:
Step 1:The server being managed periodically is dispatched by timed task scheduling tool, is performed
SaltStack Client commands;
Step 2:SaltStack clients can ask SaltStack service ends, pull expected configuration, and and current clothes
Actual disposition file on business device contrasts, and returns to the json format differences results of configuration and expected configuration on current server,
Resultant content is each single item configuration and its changed content;
Step 3:Result is read by variance analysis, each configuration item result is traveled through, judges whether configuration file has change
Dynamic, the wherein entitled changes of field value represents changed content, if changes contents are null values, then it represents that with expected one
Cause, be otherwise then the difference of change;
Step 4:The change state and the content write-in message queue of all change files that will determine that;
Step 5:The profile list and affiliated director and mailbox message are safeguarded in configuration monitoring end, if system configuration,
Then director is system manager, if business configuration, then director is system manager and corresponding service director;Configuration prison
Control end and read queue content, obtain the change state value and changed content of client;
Step 6:By changing state value, if client is ignored without content alteration;If content alteration, then will
Client and changed content send alarm email to keeper, if business configuration, while send mail to business director
Alarm;
Step 7:If it exceeds cycle time does not receive any data on being managed server in message queue, then table
Show that being managed server has security risk, hair mail is alerted to keeper.
Specifically, in step 1, the timed task scheduling tool is cron.
Compared with prior art, the beneficial effects of the invention are as follows:
1) as in step 6, some operation maintenance personnel needs to change some configuration file on server, but mistake
Sign in and operated in server B, cause the operation of business service mistake;At this moment client analysis program can monitor, and finally match somebody with somebody
Put monitoring client and send alarm, learn and repair in the very first time.
2) as in step 6, processing business and updates upgrading, configuration needs to change, operation maintenance personnel operation lines last consignment of server, more
This new configuration.After renewal, warning information can be paid close attention to, if no alarm information, then it represents that this batch server is specified
Configuration is all altered correct;Otherwise represent that renewal is problematic, it is necessary to timely processing.
3) as in step 6, server A is broken through and logged into by hacker, has maliciously distorted some service configuration and one
A little program files, monitoring programme similarly can be found that file is tampered.
4) as in step 7, if hacker has found the detection service of this cycle monitoring, and it is cut off make on it stops
Report, but find to exceed the data for specifying the cycle not receive server A at configuration monitoring end, then it is assumed that server A, which has gone out, asks
Topic, can also equally be alerted.
Brief description of the drawings
Fig. 1 is present invention monitoring and alarm method schematic flow sheet.
Embodiment
The present invention is further detailed explanation with reference to the accompanying drawings and detailed description.SaltStack has been carried
Supplied an extraordinary configuration management, and the inventive method on SaltStack this layer again plus one layer of configuration variance point
Analysis checks program;The difference of server configuration is obtained by SaltStack, then configuration variance analysis program is done to difference content
Check, judge whether variant, alerted if variant to keeper and business director.Details are as follows:
1st, the server (client) being managed periodically is dispatched by timed task scheduling tool (such as cron),
Perform SaltStack Client commands (salt-call).
2nd, SaltStack clients can ask SaltStack service ends, pull expected configuration, and and current server
On actual disposition file contrast, return to the json format differences results of configuration and expected configuration on current server, as a result
Content is each single item configuration and its changed content.
3rd, result is read by variance analysis, travels through each configuration item result, judge whether configuration file has variation, its
The middle entitled changes of field value represents changed content, if changes contents are null values, then it represents that with expected consistent, otherwise
It is then the difference of change.
For example, the core false code fragment realized by python language is as follows:
4th, the change state value that will determine that (represents whether this server has variation, as long as any one configuration has altered
Then think there is variation) and all change files content write-in message queue (such as kafka).
5th, the profile list and affiliated director and mailbox message are safeguarded in configuration monitoring end, and system configuration is then responsible in this way
People is system manager, and then director is system manager and corresponding service director to business configuration in this way.Read at configuration monitoring end
Queue content is taken, obtains the change state value and changed content of client.
6th, by changing state value, if client is ignored without content alteration;If content alteration, then by client
End and changed content send alarm email to keeper, if business configuration, while send mail alarm to business director.
7th, if it exceeds cycle time does not receive any data on being managed server in message queue, then also illustrate that
Being managed server has security risk, and possible periodic duty is cut off by non-safety, should also send out mail and be accused to keeper
It is alert.
Claims (2)
1. a kind of automatic monitoring of server configuration and alarm method based on SaltStack, it is characterised in that including following step
Suddenly:
Step 1:The server being managed periodically is dispatched by timed task scheduling tool, performs SaltStack visitors
Family sort command;
Step 2:SaltStack clients can ask SaltStack service ends, pull expected configuration, and and current server
On actual disposition file contrast, return to the json format differences results of configuration and expected configuration on current server, as a result
Content is each single item configuration and its changed content;
Step 3:Result is read by variance analysis, each configuration item result is traveled through, judges whether configuration file has variation, its
The middle entitled changes of field value represents changed content, if changes contents are null values, then it represents that with expected consistent, otherwise
It is then the difference of change;
Step 4:The change state and the content write-in message queue of all change files that will determine that;
Step 5:The profile list and affiliated director and mailbox message are safeguarded in configuration monitoring end, if system configuration, then bear
It is system manager to blame people, if business configuration, then director is system manager and corresponding service director;Configuration monitoring end
Queue content is read, obtains the change state value and changed content of client;
Step 6:By changing state value, if client is ignored without content alteration;If content alteration, then by client
End and changed content send alarm email to keeper, if business configuration, while send mail alarm to business director;
Step 7:If it exceeds cycle time does not receive any data on being managed server in message queue, then it represents that quilt
Management server has security risk, and hair mail is alerted to keeper.
2. a kind of automatic monitoring of server configuration and alarm method based on SaltStack as claimed in claim 1, its feature
It is, in step 1, the timed task scheduling tool is cron.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711183370.3A CN107707415B (en) | 2017-11-23 | 2017-11-23 | SaltStack-based automatic monitoring and warning method for server configuration |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711183370.3A CN107707415B (en) | 2017-11-23 | 2017-11-23 | SaltStack-based automatic monitoring and warning method for server configuration |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107707415A true CN107707415A (en) | 2018-02-16 |
CN107707415B CN107707415B (en) | 2021-03-19 |
Family
ID=61185708
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711183370.3A Active CN107707415B (en) | 2017-11-23 | 2017-11-23 | SaltStack-based automatic monitoring and warning method for server configuration |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107707415B (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109144607A (en) * | 2018-08-06 | 2019-01-04 | 成都知道创宇信息技术有限公司 | A kind of large-scale server automatic deployment and configuration method |
CN110162510A (en) * | 2019-04-26 | 2019-08-23 | 平安普惠企业管理有限公司 | Transcription comparison method, device, computer equipment and storage medium |
CN112579554A (en) * | 2019-09-29 | 2021-03-30 | 北京金山云网络技术有限公司 | Batch comparison method and device for server configuration files and electronic equipment |
CN112801516A (en) * | 2021-02-01 | 2021-05-14 | 天津五八到家货运服务有限公司 | Policy matching method, computer device, and storage medium |
CN114584600A (en) * | 2022-01-20 | 2022-06-03 | 国网青海省电力公司 | Data audit monitoring system |
CN115168137A (en) * | 2022-06-17 | 2022-10-11 | 北京结慧科技有限公司 | Monitoring method and system for timing task, computer equipment and storage medium |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102916839A (en) * | 2012-10-26 | 2013-02-06 | 南宁职业技术学院 | Automatic monitoring system for agricultural work in sugarhouse |
CN105553871A (en) * | 2015-12-15 | 2016-05-04 | 厦门贝启科技有限公司 | Method and system for remotely managing equipment parameters |
CN105681113A (en) * | 2016-03-29 | 2016-06-15 | 浪潮软件集团有限公司 | Automatic operation and maintenance method based on SaltStack |
WO2017053789A1 (en) * | 2015-09-24 | 2017-03-30 | Circadence Corporation | Mission-based, game-implemented cyber training system and method |
US20170270157A1 (en) * | 2016-03-21 | 2017-09-21 | Virtual Network Element, Inc. | TCP/IP Network Automation and Orchestration Tools |
-
2017
- 2017-11-23 CN CN201711183370.3A patent/CN107707415B/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102916839A (en) * | 2012-10-26 | 2013-02-06 | 南宁职业技术学院 | Automatic monitoring system for agricultural work in sugarhouse |
WO2017053789A1 (en) * | 2015-09-24 | 2017-03-30 | Circadence Corporation | Mission-based, game-implemented cyber training system and method |
CN105553871A (en) * | 2015-12-15 | 2016-05-04 | 厦门贝启科技有限公司 | Method and system for remotely managing equipment parameters |
US20170270157A1 (en) * | 2016-03-21 | 2017-09-21 | Virtual Network Element, Inc. | TCP/IP Network Automation and Orchestration Tools |
CN105681113A (en) * | 2016-03-29 | 2016-06-15 | 浪潮软件集团有限公司 | Automatic operation and maintenance method based on SaltStack |
Non-Patent Citations (1)
Title |
---|
李小文 等: "《基于Puppet 的自动化部署工具的设计与实现》", 《软件》 * |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109144607A (en) * | 2018-08-06 | 2019-01-04 | 成都知道创宇信息技术有限公司 | A kind of large-scale server automatic deployment and configuration method |
CN110162510A (en) * | 2019-04-26 | 2019-08-23 | 平安普惠企业管理有限公司 | Transcription comparison method, device, computer equipment and storage medium |
CN112579554A (en) * | 2019-09-29 | 2021-03-30 | 北京金山云网络技术有限公司 | Batch comparison method and device for server configuration files and electronic equipment |
CN112801516A (en) * | 2021-02-01 | 2021-05-14 | 天津五八到家货运服务有限公司 | Policy matching method, computer device, and storage medium |
CN114584600A (en) * | 2022-01-20 | 2022-06-03 | 国网青海省电力公司 | Data audit monitoring system |
CN115168137A (en) * | 2022-06-17 | 2022-10-11 | 北京结慧科技有限公司 | Monitoring method and system for timing task, computer equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN107707415B (en) | 2021-03-19 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107707415A (en) | A kind of automatic monitoring of server configuration and alarm method based on SaltStack | |
CN102624570A (en) | Monitoring system and method for detecting availability of web server | |
DE112020004623T5 (en) | ML-BASED EVENT HANDLING | |
JP6871877B2 (en) | Information processing equipment, information processing methods and computer programs | |
CN105205625A (en) | Employee attendance checking method and system | |
CN105141478A (en) | Method for monitoring state of sas card hard disk of linux server | |
CN103942547A (en) | Online and real-time printing detection method for intelligent card issuing system | |
US9405657B2 (en) | Application architecture assessment system | |
US20030135496A1 (en) | Management program, method and apparatus for business process definition | |
CN111782481A (en) | Universal data interface monitoring system and monitoring method | |
CN112949798A (en) | Laboratory equipment management method and system based on RFID technology | |
WO2023200597A1 (en) | Automated positive train control event data extraction and analysis engine for performing root cause analysis of unstructured data | |
US20150186809A1 (en) | System and method for tracking ami assets | |
CN109685682A (en) | The method of regulator control system inspection operation ticket is intelligently generated based on relational database | |
CN115187210A (en) | Abnormal information handling method, device, system, electronic equipment and storage medium | |
CN112035315A (en) | Webpage data monitoring method and device, computer equipment and storage medium | |
CN105678389A (en) | Detection method for operation, maintenance and management | |
CN106372549A (en) | Data processing method and device for medical apparatus | |
JP4363240B2 (en) | Vehicle inspection management system | |
CN114154094B (en) | Calculation method for untimely updating of website | |
US20230334340A1 (en) | Automated positive train control event data extraction and analysis engine for performing root cause analysis of unstructured data | |
KR102533552B1 (en) | IT infrastructure integrated history management method using the IT infrastructure integrated history management system | |
US20240143919A1 (en) | Systems and methods for extracting data from documents | |
US20220163941A1 (en) | Industrial commissioning procedures including loop checking | |
CN206696880U (en) | Product test management system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
CP02 | Change in the address of a patent holder | ||
CP02 | Change in the address of a patent holder |
Address after: 9/F, Block C, No. 28 Tianfu Avenue North Section, Chengdu High tech Zone, China (Sichuan) Pilot Free Trade Zone, Chengdu City, Sichuan Province, 610000 Patentee after: CHENGDU KNOWNSEC INFORMATION TECHNOLOGY Co.,Ltd. Address before: 610000, 11th floor, building 2, No. 219, Tianfu Third Street, hi tech Zone, Chengdu, Sichuan Province Patentee before: CHENGDU KNOWNSEC INFORMATION TECHNOLOGY Co.,Ltd. |