CN108123840A - Log processing method and system - Google Patents
Log processing method and system Download PDFInfo
- Publication number
- CN108123840A CN108123840A CN201711402638.8A CN201711402638A CN108123840A CN 108123840 A CN108123840 A CN 108123840A CN 201711402638 A CN201711402638 A CN 201711402638A CN 108123840 A CN108123840 A CN 108123840A
- Authority
- CN
- China
- Prior art keywords
- daily record
- record data
- data
- rule
- default
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/02—Standardisation; Integration
- H04L41/024—Standardisation; Integration using relational databases for representation of network management data, e.g. managing via structured query language [SQL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/0631—Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/069—Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Databases & Information Systems (AREA)
- Debugging And Monitoring (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses a kind of log processing method and systems.The log processing method includes:Gather the first daily record data of the network equipment;Processing is filtered to first daily record data according to default input rule;Processing is formatted to the first daily record data after filtering according to default root rule, using the format conversion of the first daily record data after filtering as same data format.Log processing method provided by the present invention and system eliminate the isomerism between the first daily record data of each network equipment, and realize the data correlation between the first daily record data of each network equipment, it is achieved thereby that the real-time analysis and extension of daily record data.
Description
Technical field
The present invention relates to field of communication technology, more particularly to a kind of log processing method and system.
Background technology
In recent years, with the high speed development of internet, a large amount of new equipments, the use of new technology make the complexity of network
Exponentially is promoted again, therefore the risk of network failure greatly reinforces, so as to directly influence the quality of network and user experience.
Mainly the network equipment is monitored and analyzed by network log in the prior art, but monitoring of the prior art
There are the following problems with analysis method:
1st, since equipment increases, each equipment individually records self-operating situation, though cause the equipment of particular type can be normal
Operation, but for various reasons, the state of operation integrally requires not being inconsistent with system, so as to affect the operation of other equipment,
In this case can not be predicted from Web Log Analysis.
2nd, the use of new equipment and new technology, and each technology and equipment has monitoring and the log system of oneself, causes
Each equipment generates largely scattered isomeric data, and data each other can not associate, and causes that filing analysis and failure can not be unified
Anticipation.
3rd, due to there are the daily record data of a variety of isomeries, causing mass data that can not quickly access and analyze in real time.
The content of the invention
The present invention provides a kind of log processing method and system, for eliminating the isomery between the daily record data of each network equipment
Property, the daily record data of each network equipment is associated, so as to fulfill the real-time analysis and extension of daily record data.
To achieve the above object, the present invention provides a kind of log processing method, which includes:
Gather the first daily record data of the network equipment;
Processing is filtered to first daily record data according to default input rule;
Processing is formatted to the first daily record data after filtering according to default root rule, first day after filtering
The format conversion of will data is same data format.
Optionally, the basis presets root rule and processing is formatted to the first daily record data after filtering, will be each
The format conversion of the first daily record data after filtering includes for same data format:
Data dissection process is carried out to the first daily record data after filtering according to default root rule;
Processing is formatted to the first daily record data after parsing according to default root rule, first day after parsing
The format conversion of will data is same data format.
Optionally, the first daily record data after described pair of parsing is formatted processing, the first daily record after parsing
The format conversion of data further includes afterwards for same data format:
Data correlation is carried out to formatted first daily record data according to default root rule.
Optionally, the basis presets root rule and formatted first daily record data progress data correlation is included:
The corresponding associating key word collection of first daily record data is generated according to formatted first daily record data;
Data correlation is carried out according to formatted first daily record data of the associating key word set pair.
Optionally, the basis presets root rule and processing is formatted to the first daily record data after filtering, will be each
The format conversion of the first daily record data after filtering further includes afterwards for same data format:
Processing is filtered the first daily record data after association according to default output rule, generates the second daily record data;
Warning grade is set to second daily record data according to default early warning rule;
Corresponding second daily record data of each warning grade is stored to distributed archives queue.
To achieve the above object, the present invention provides a kind of log processing system, which includes:
Log acquisition module, for gathering the first daily record data of the network equipment;
Input rule module, for being filtered processing to first daily record data according to default input rule;
Root rule module, for being formatted processing to the first daily record data after filtering according to default root rule, with
It is same data format by the format conversion of the first daily record data after filtering.
Optionally, described rule module is specifically used for carrying out the first daily record data after filtering according to default root rule
Data dissection process;Processing is formatted to the first daily record data after parsing according to default root rule, after parsing
The format conversion of first daily record data is same data format.
Optionally, described rule module is specifically additionally operable to according to default root rule to formatted first daily record data
Carry out data correlation.
Optionally, described rule module is specifically used for generating the first daily record number according to formatted first daily record data
According to corresponding associating key word collection;Data pass is carried out according to formatted first daily record data of the associating key word set pair
Connection.
Optionally, which further includes:
Rule module is exported, for being filtered processing to the first daily record data after association according to default output rule,
Generate the second daily record data;
Early warning rule module, for setting warning grade to second daily record data according to default early warning rule;
Memory module, for storing corresponding second daily record data of each warning grade to distributed archives queue.
Beneficial effects of the present invention:
In the technical solution of log processing method provided by the present invention and system, by default root rule to the first daily record
Data are formatted processing, the isomerism between the first daily record data of each network equipment are eliminated, after to formatting
The first daily record data carry out data correlation, realize the real-time analysis and extension of daily record data.
Description of the drawings
Fig. 1 is a kind of flow chart for log processing method that the embodiment of the present invention one provides;
Fig. 2 is a kind of flow chart of log processing method provided by Embodiment 2 of the present invention;
Fig. 3 is a kind of structure diagram for log processing system that the embodiment of the present invention three provides.
Specific embodiment
For those skilled in the art is made to more fully understand technical scheme, the present invention is carried below in conjunction with the accompanying drawings
The log processing method and system of confession are described in detail.
Fig. 1 is a kind of flow chart for log processing method that the embodiment of the present invention one provides, as shown in Figure 1, at the daily record
Reason method includes:
Step 101, the first daily record data for gathering the network equipment.
Step 102 is filtered processing according to default input rule to first daily record data;
Step 103 is formatted processing according to default root rule to the first daily record data after filtering, after filtering
The first daily record data format conversion be same data format.
In the technical solution for the log processing method that the present embodiment is provided, by default root rule to the first daily record data
Processing is formatted, eliminates the isomerism between the first daily record data of each network equipment, by formatted
One daily record data carries out data correlation, realizes the real-time analysis and extension of daily record data.
Fig. 2 is a kind of flow chart of log processing method provided by Embodiment 2 of the present invention, as shown in the figure, the log processing
Method includes:
Step 201, the first daily record data for gathering the network equipment.
Specifically, the first daily record data that each network equipment is sent is gathered in real time, and carries out convergence.The present embodiment
In, the network equipment includes network monitoring system.
Specifically, further included before step 201:Gather the first daily record data set of network equipment system;For example, net
First log data set of network device systems is combined into A (equipment functions 1:First daily record data 1, equipment function 2:First daily record number
According to 2 ...), A is network equipment system, i.e., monitored device systems, a kind of equipment function pair answer a kind of network equipment, for example,
1 map network equipment 1 of equipment function.
In step 201, according to specified monitoring strategies, acquisition needs the first daily record number of the network equipment being monitored
According to.For example, it is desired to when monitoring the first daily record data 1 of the network equipment 1, when inquiring 1 corresponding daily record number of the first daily record data
A (equipment functions 1 are combined into according to collection:First daily record data 1, equipment function 2:First daily record data 2 ...) when, by network to net
Network device systems send message, and the log collection software being deployed on network equipment system is called to carry out the first daily record data 1
Crawl, so as to complete the extraction of the first daily record data 1.
Step 202 is filtered processing according to default input rule to first daily record data.
Specifically, processing is filtered to first daily record data according to default input rule, is met in advance with filtering out
If the first daily record data of input rule filters out the first daily record data for not meeting default input rule.Specifically, according to pre-
If input rule carries out first daily record data layout of the field of the first daily record data, meet default prison to filter out
First daily record data of control condition.For example, the first daily record data of certain network equipment is A (a1, a2, a3 ..., an), wherein, A
Represent the network equipment, an represents the field value of the first daily record data, it is assumed that default monitoring condition is more than default for field value
Threshold value, for example, an>50s, then by judging whether field value meets monitoring condition, you can filter out and meet default monitoring
First daily record data of condition filters out the first daily record data for not meeting default monitoring condition.
Step 203 is formatted processing according to default root rule to the first daily record data after filtering, by each filtering
The format conversion of the first daily record data afterwards is same data format.
Wherein, presetting root rule includes:Log field parsing (parselog), log event merge (logJoin), daily record
Event handling (logEvent), log event keyword association (logKeys) and log event number (logNum).Wherein,
Parselog includes:Message is sent by network, the daily record composite function of specific equipment is called to come to first day after filtering
Will data carry out dissection process, and are formatted processing to the first daily record data after parsing, then to formatted first
Daily record data carries out convergence.In the present embodiment, only included in default root rule and data type is carried out to the first daily record data
It is abstract so that the format conversion of the first daily record data is unified abstract data form, presetting root rule does not include to first
Daily record data is parsed, and the parsing of the first daily record data can send message by network, call the daily record group of specific equipment
Function is closed to complete.So as to avoid data parsing and extraction and device type of the isomeric data during data format
The problem of highly relevant;LogKeys includes:The associating key word of daily record data is set;LogJoin includes:To formatted
Daily record data carries out data correlation;LogEvent includes:Message is sent by network, specific equipment is called to carry out log event
Record;LogNum includes:Journal number is carried out to daily record data.
Specifically, step 203 includes:
Step 2031 carries out data dissection process according to default root rule to the first daily record data after filtering.
Specifically, the parselog in default root rule sends message by network, and far call is deployed in and is supervised
Log collection software on the device systems of control completes data dissection process according to the daily record composite function of setting.Daily record group
Close what function can be set according to actual needs, the present embodiment is not limited in any way this.
Step 2032 is formatted processing according to default root rule to the first daily record data after parsing, will parse
The format conversion of the first daily record data afterwards is same data format.
Specifically, in log field resolving, while the most basic of the formatting of the first daily record data is defined
Operation, according to the parselog in default root rule, after the first daily record data is parsed, to the first daily record data after parsing into
Formatting lines processing, using the format conversion of the first daily record data after parsing as same data format.In the process of formatting
In, the mapping relations of formatted first daily record data of reservation and the first original daily record data.
Step 2033 carries out data correlation according to default root rule to formatted first daily record data.
Specifically, data correlation is carried out to formatted first daily record data according to default data correlation rule.
Specifically, step 2033 includes:
Step 2033a, the corresponding associating key word of the first daily record data is generated according to formatted first daily record data
Collection.
Specifically, the logKeys in default root rule sets according to formatted first daily record data and formats
The associating key word of the first daily record data afterwards generates associating key word collection.
Step 2033b, data correlation is carried out according to formatted first daily record data of associating key word set pair.
Specifically, the logJoin in default root rule, according to formatted first daily record of associating key word set pair
Data carry out data correlation.
After the first Log data format, real-time data association is carried out, realizes the real-time analysis of the first daily record data
And extension, without uniformly reporting, avoid offline the problem of associating in traditional scheme.
The first daily record data after the default root regular record association of step 2034, basis.
Specifically, the logEvent in default root rule sends message by network, and specific equipment record is called to close
The first daily record data after connection.Specifically, the logEvent in default root rule is sent on monitored device systems, so
The index of the first daily record data needed for the log collection software records being deployed on monitored device systems is called afterwards.
Step 2035 is numbered the first daily record data after association according to default root rule.
Specifically, the first daily record data after association is numbered in the logNum in default root rule.
Step 204 is filtered the first daily record data after association processing according to default output rule, generates second day
Will data.
Specifically, processing is filtered to the first daily record data after association according to default output rule, it is full to filter out
First daily record data of the default output rule of foot filters out do not meet default output rule first day as the second daily record data
Will data.Specifically, the layout of the field of the first daily record data is carried out to first daily record data according to default output rule,
Meet the first daily record data of default monitoring condition to filter out as the second daily record data.
Step 205 sets warning grade according to default early warning rule to the second daily record data.
Step 206 stores corresponding second daily record data of each warning grade to distributed archives queue.
Specifically, according to the number carried out in step 2035 to the first daily record data, by each warning grade corresponding second
Daily record data is sequentially placed into distributed archives queue.
Finally, according to data balancing algorithm, corresponding second daily record data of each warning grade is evenly dispersed to store
In cluster.
In the present embodiment, there are the most basic operation of the formatting processing of daily record data, institute defined in the default root rule
It states default input rule, the default output rule and the default early warning rule and inherits the default root rule, it is described pre-
If there is also defined the most basic operation of the filtration treatment of daily record data in root rule, all operations are without the limit of data type
System.In the present embodiment, root rule is preset using call back scheme, only determines operation, all concrete operations using call-back manner, are led to
It crosses network and sends message, specific equipment is called to complete, so that operation is separated with data type.
The present embodiment provides log processing method, is realized based on Generic programming.
The present embodiment is by specified monitoring strategies, and setting needs capture and associated first daily record data, so as to avoid
All event of failure are intended to wasted storage caused by carrying out daily record storage in traditional scheme, and avoid nothing in traditional scheme
The problem of method real-time analyzing and associating.
According to log processing method provided in this embodiment, during subsequent daily record monitoring, can be wanted according to safety
It asks, formulates failure monitoring strategy, template is operated according to failure monitoring strategy generating, the daily record of underlying device is sent to by network
System, the log system of underlying device further according to operation template-setup log collection scheme, wherein, the form for operating template can be with
For warning grade (equipment 1:Item collection 1 (setting option 1, setting option 2 ...) equipment 2 is set:Item collection 2 (setting option 1, setting option are set
2 ...) ...).Wherein, warning grade (level_Warning) log event corresponding with the first daily record data monitored is tight
Weight degree is related, and the definition of grade is formulated by monitoring personnel according to monitoring strategies.According to the log processing method of the present embodiment,
In default root rule, specific log collection is not done and is called, only preserve the corresponding every daily record data of failure monitoring strategy and equipment
The correspondence of setting option, so as to avoid traditional daily record monitoring and monitoring device close coupling, can not Dynamic expansion, in real time point
The problem of analysis.
In the technical solution for the log processing method that the present embodiment is provided, by default root rule to the first daily record data
Processing is formatted, eliminates the isomerism between the first daily record data of each network equipment, by formatted
One daily record data carries out data correlation, realizes the real-time analysis and extension of daily record data.
Fig. 3 is a kind of structure diagram for log processing system that the embodiment of the present invention three provides, as shown in figure 3, the day
Will processing system includes:Log acquisition module 301, input rule module 302 and root rule module 303.
Wherein, log acquisition module 301 is used to gather the first daily record data of the network equipment 300.
Input rule module 302, for being filtered processing to first daily record data according to default input rule;
Root rule module 303 is used to be formatted processing to the first daily record data after filtering according to default root rule,
Using the format conversion of the first daily record data after filtering as same data format.
Specifically, described rule module 303 is specifically used for according to default root rule to the first daily record data after filtering
Carry out data dissection process;Processing is formatted to the first daily record data after parsing according to default root rule, will be parsed
The format conversion of the first daily record data afterwards is same data format.
Specifically, described rule module 303 is specific is additionally operable to according to default root rule to formatted first daily record
Data carry out data correlation.Specifically, described rule module 303 is specifically used for being given birth to according to formatted first daily record data
Into the corresponding associating key word collection of the first daily record data;According to formatted first daily record data of the associating key word set pair
Carry out data correlation.
Specifically, which further includes output rule module 304, early warning rule module 305 and memory module
306。
Wherein, rule module 304 is exported to be used to carry out the first daily record data after association according to default output rule
Filter is handled, and generates the second daily record data;
Early warning rule module 305 is used to set warning grade to second daily record data according to default early warning rule;
Memory module 306 is used to store corresponding second daily record data of each warning grade to distributed archives queue.
The log processing system that the present embodiment is provided is used to implement the log processing method of the offer of above-described embodiment two,
It specifically describes and can be found in above-described embodiment two, details are not described herein again.
In the technical solution for the log processing system that the present embodiment is provided, by default root rule to the first daily record data
Processing is formatted, eliminates the isomerism between the first daily record data of each network equipment, by formatted
One daily record data carries out data correlation, realizes the real-time analysis and extension of daily record data.
It is understood that the principle that embodiment of above is intended to be merely illustrative of the present and the exemplary implementation that uses
Mode, however the present invention is not limited thereto.For those skilled in the art, the essence of the present invention is not being departed from
In the case of refreshing and essence, various changes and modifications can be made therein, these variations and modifications are also considered as protection scope of the present invention.
Claims (10)
1. a kind of log processing method, which is characterized in that including:
Gather the first daily record data of the network equipment;
Processing is filtered to first daily record data according to default input rule;
Processing is formatted to the first daily record data after filtering according to default root rule, the first daily record number after filtering
According to format conversion be same data format.
2. log processing method according to claim 1, which is characterized in that after the basis presets root rule to filtering
First daily record data is formatted processing, using by the format conversion of the first daily record data after each filtering as same data format
Including:
Data dissection process is carried out to the first daily record data after filtering according to default root rule;
Processing is formatted to the first daily record data after parsing according to default root rule, the first daily record number after parsing
According to format conversion be same data format.
3. log processing method according to claim 2, which is characterized in that described pair parsing after the first daily record data into
Formatting lines processing, the format conversion of the first daily record data after parsing to be further included afterwards as same data format:
Data correlation is carried out to formatted first daily record data according to default root rule.
4. log processing method according to claim 3, which is characterized in that after the basis presets root rule to formatting
The first daily record data carry out data correlation include:
The corresponding associating key word collection of first daily record data is generated according to formatted first daily record data;
Data correlation is carried out according to formatted first daily record data of the associating key word set pair.
5. log processing method according to claim 3, which is characterized in that after the basis presets root rule to filtering
First daily record data is formatted processing, using by the format conversion of the first daily record data after each filtering as same data format
It further includes afterwards:
Processing is filtered the first daily record data after association according to default output rule, generates the second daily record data;
Warning grade is set to second daily record data according to default early warning rule;
Corresponding second daily record data of each warning grade is stored to distributed archives queue.
6. a kind of log processing system, which is characterized in that including:
Log acquisition module, for gathering the first daily record data of the network equipment;
Input rule module, for being filtered processing to first daily record data according to default input rule;
Root rule module, for being formatted processing to the first daily record data after filtering according to default root rule, by mistake
The format conversion of the first daily record data after filter is same data format.
7. log processing system according to claim 6, which is characterized in that
Described rule module is specifically used for carrying out at data parsing the first daily record data after filtering according to default root rule
Reason;Processing is formatted to the first daily record data after parsing according to default root rule, the first daily record number after parsing
According to format conversion be same data format.
8. log processing system according to claim 7, which is characterized in that
Described rule module is specifically additionally operable to carry out data pass to formatted first daily record data according to default root rule
Connection.
9. log processing system according to claim 8, which is characterized in that
Described rule module is specifically used for generating the corresponding pass of the first daily record data according to formatted first daily record data
Join set of keywords;Data correlation is carried out according to formatted first daily record data of the associating key word set pair.
10. log processing system according to claim 8, which is characterized in that further include:
Rule module is exported, for being filtered processing to the first daily record data after association according to default output rule, is generated
Second daily record data;
Early warning rule module, for setting warning grade to second daily record data according to default early warning rule;
Memory module, for storing corresponding second daily record data of each warning grade to distributed archives queue.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711402638.8A CN108123840A (en) | 2017-12-22 | 2017-12-22 | Log processing method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711402638.8A CN108123840A (en) | 2017-12-22 | 2017-12-22 | Log processing method and system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN108123840A true CN108123840A (en) | 2018-06-05 |
Family
ID=62231057
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201711402638.8A Pending CN108123840A (en) | 2017-12-22 | 2017-12-22 | Log processing method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108123840A (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109033319A (en) * | 2018-07-18 | 2018-12-18 | 长扬科技(北京)有限公司 | A kind of big data log method for normalizing and tool |
| CN109783330A (en) * | 2018-12-10 | 2019-05-21 | 北京京东金融科技控股有限公司 | Log processing method, display methods and relevant apparatus, system |
| CN109902072A (en) * | 2019-02-21 | 2019-06-18 | 云南电网有限责任公司红河供电局 | A kind of log processing system |
| CN110691070A (en) * | 2019-09-07 | 2020-01-14 | 温州医科大学 | Network abnormity early warning method based on log analysis |
| CN110995466A (en) * | 2019-11-06 | 2020-04-10 | 通号通信信息集团有限公司 | Multi-format log unified processing method and system under security situation awareness system |
| CN111125225A (en) * | 2019-12-24 | 2020-05-08 | 北京数衍科技有限公司 | Bill data analysis method and device and server |
Citations (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070038889A1 (en) * | 2005-08-11 | 2007-02-15 | Wiggins Robert D | Methods and systems to access process control log information associated with process control systems |
| CN101320348A (en) * | 2008-06-25 | 2008-12-10 | 中兴通讯股份有限公司 | Log function implementing method of embedded system |
| CN101888309A (en) * | 2010-06-30 | 2010-11-17 | 中国科学院计算技术研究所 | Online log analysis method |
| CN102394771A (en) * | 2011-10-26 | 2012-03-28 | 广州杰赛科技股份有限公司 | Socket type embedded log acquisition system and method |
| CN102768636A (en) * | 2011-05-05 | 2012-11-07 | 阿里巴巴集团控股有限公司 | Log analysis method and log analysis device |
| CN103178982A (en) * | 2011-12-23 | 2013-06-26 | 阿里巴巴集团控股有限公司 | Method and device for analyzing log |
| CN103593791A (en) * | 2013-11-07 | 2014-02-19 | 广州优蜜信息科技有限公司 | Mobile advertisement putting method and system |
| CN103824069A (en) * | 2014-03-19 | 2014-05-28 | 北京邮电大学 | Intrusion detection method based on multi-host-log correlation |
| GB2514590A (en) * | 2013-05-30 | 2014-12-03 | Anite Telecoms Ltd | Method and apparatus for logging data records |
| CN105224646A (en) * | 2015-09-29 | 2016-01-06 | 北京金山安全软件有限公司 | Object relation analysis method and device and electronic equipment |
| CN105447099A (en) * | 2015-11-11 | 2016-03-30 | 中国建设银行股份有限公司 | Log structured information extraction method and apparatus |
| CN106168909A (en) * | 2016-06-30 | 2016-11-30 | 北京奇虎科技有限公司 | A kind for the treatment of method and apparatus of daily record |
| CN106254096A (en) * | 2016-07-21 | 2016-12-21 | 柳州龙辉科技有限公司 | A kind of processing means of Linux daily record |
-
2017
- 2017-12-22 CN CN201711402638.8A patent/CN108123840A/en active Pending
Patent Citations (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070038889A1 (en) * | 2005-08-11 | 2007-02-15 | Wiggins Robert D | Methods and systems to access process control log information associated with process control systems |
| CN101320348A (en) * | 2008-06-25 | 2008-12-10 | 中兴通讯股份有限公司 | Log function implementing method of embedded system |
| CN101888309A (en) * | 2010-06-30 | 2010-11-17 | 中国科学院计算技术研究所 | Online log analysis method |
| CN102768636A (en) * | 2011-05-05 | 2012-11-07 | 阿里巴巴集团控股有限公司 | Log analysis method and log analysis device |
| CN102394771A (en) * | 2011-10-26 | 2012-03-28 | 广州杰赛科技股份有限公司 | Socket type embedded log acquisition system and method |
| CN103178982A (en) * | 2011-12-23 | 2013-06-26 | 阿里巴巴集团控股有限公司 | Method and device for analyzing log |
| GB2514590A (en) * | 2013-05-30 | 2014-12-03 | Anite Telecoms Ltd | Method and apparatus for logging data records |
| CN103593791A (en) * | 2013-11-07 | 2014-02-19 | 广州优蜜信息科技有限公司 | Mobile advertisement putting method and system |
| CN103824069A (en) * | 2014-03-19 | 2014-05-28 | 北京邮电大学 | Intrusion detection method based on multi-host-log correlation |
| CN105224646A (en) * | 2015-09-29 | 2016-01-06 | 北京金山安全软件有限公司 | Object relation analysis method and device and electronic equipment |
| CN105447099A (en) * | 2015-11-11 | 2016-03-30 | 中国建设银行股份有限公司 | Log structured information extraction method and apparatus |
| CN106168909A (en) * | 2016-06-30 | 2016-11-30 | 北京奇虎科技有限公司 | A kind for the treatment of method and apparatus of daily record |
| CN106254096A (en) * | 2016-07-21 | 2016-12-21 | 柳州龙辉科技有限公司 | A kind of processing means of Linux daily record |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109033319A (en) * | 2018-07-18 | 2018-12-18 | 长扬科技(北京)有限公司 | A kind of big data log method for normalizing and tool |
| CN109783330A (en) * | 2018-12-10 | 2019-05-21 | 北京京东金融科技控股有限公司 | Log processing method, display methods and relevant apparatus, system |
| CN109902072A (en) * | 2019-02-21 | 2019-06-18 | 云南电网有限责任公司红河供电局 | A kind of log processing system |
| CN110691070A (en) * | 2019-09-07 | 2020-01-14 | 温州医科大学 | Network abnormity early warning method based on log analysis |
| CN110691070B (en) * | 2019-09-07 | 2022-02-11 | 温州医科大学 | Network abnormity early warning method based on log analysis |
| CN110995466A (en) * | 2019-11-06 | 2020-04-10 | 通号通信信息集团有限公司 | Multi-format log unified processing method and system under security situation awareness system |
| CN110995466B (en) * | 2019-11-06 | 2022-04-26 | 通号通信信息集团有限公司 | Multi-format log unified processing method and system under security situation awareness system |
| CN111125225A (en) * | 2019-12-24 | 2020-05-08 | 北京数衍科技有限公司 | Bill data analysis method and device and server |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108123840A (en) | Log processing method and system | |
| US11700303B1 (en) | Distributed data analysis for streaming data sources | |
| CN111131379B (en) | Distributed flow acquisition system and edge calculation method | |
| CN103152352B (en) | A kind of perfect information security forensics monitor method based on cloud computing environment and system | |
| CN107294764A (en) | Intelligent supervision method and intelligent monitoring system | |
| US8954971B2 (en) | Data collecting method, data collecting apparatus and network management device | |
| CN106790718A (en) | Service call link analysis method and system | |
| CN109284251A (en) | Blog management method, device, computer equipment and storage medium | |
| KR20150112357A (en) | Sensor data processing system and method thereof | |
| CN109739877B (en) | Database system and data management method | |
| CN107317724A (en) | Data collecting system and method based on cloud computing technology | |
| CN111752799A (en) | Service link tracking method, device, equipment and storage medium | |
| CN105227405B (en) | monitoring method and system | |
| CN108039959A (en) | Situation Awareness method, system and the relevant apparatus of a kind of data | |
| CN110188099A (en) | A kind of data managing method and device | |
| CN109522388A (en) | A kind of creation method and device of intelligence worksheet processing rule | |
| CN107391770B (en) | Method, device and equipment for processing data and storage medium | |
| CN107104820B (en) | Dynamic capacity-expansion daily operation and maintenance method based on F5 server node | |
| CN106708965A (en) | Data processing method and apparatus | |
| CN108268355A (en) | For the monitoring system and method for data center | |
| CN107360035B (en) | Data processing method and system | |
| CN115622867A (en) | Industrial control system safety event early warning classification method and system | |
| CN115883407A (en) | Data acquisition method, system, equipment and storage medium | |
| CN105632248A (en) | Safety monitoring system and data processing method therefor | |
| CN107479974A (en) | A kind of dispatching method of virtual machine and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20180605 |