CN109257213B - Method and device for judging computer terminal access verification failure - Google Patents

Publication number
CN109257213B
Authority
CN
China
Prior art keywords
log
feature code
management system
fault
record table
Legal status
Active
Application number
CN201811050181.3A
Other languages
Chinese (zh)
Other versions
CN109257213A (en)
Inventor
王振达
许卓伟
彭锴
吴福疆
陈光文
黄小奇
姚冰纯
纪炜灿
林资川
金文娴
郭济端
Current Assignee
Guangdong Power Grid Co Ltd
Shantou Power Supply Bureau of Guangdong Power Grid Co Ltd
Original Assignee
Guangdong Power Grid Co Ltd
Shantou Power Supply Bureau of Guangdong Power Grid Co Ltd
Application filed by Guangdong Power Grid Co Ltd and Shantou Power Supply Bureau of Guangdong Power Grid Co Ltd
Priority to CN201811050181.3A
Publication of CN109257213A
Application granted
Publication of CN109257213B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/02 Standardisation; Integration
    • H04L41/0246 Exchanging or transporting network management information using the Internet; Embedding network management web servers in network elements; Web-services-based protocols
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/069 Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/08 Protocols specially adapted for terminal emulation, e.g. Telnet

Abstract

The invention provides a method and a device for judging the access verification failure of a computer terminal, and relates to the technical field of computer terminal access verification. The method comprises the following steps: respectively acquiring the corresponding log information of the AD domain management system, the desktop security management system and the anti-virus management system, and generating corresponding log record tables according to that log information, wherein a log feature code is recorded in each log record table; and integrating the three log record tables to generate an admission verification check table, performing step-by-step matching verification on the log feature codes in the admission verification check table against preset fault feature code data, and judging whether the fault type is a short-time fault or a field fault according to the matching verification result. The invention can accurately judge whether the computer terminal can repair itself after an access verification fault and whether second-line operation and maintenance personnel need to be dispatched to the site for fault maintenance, and improves the working efficiency of the operation and maintenance personnel.

Description

Method and device for judging computer terminal access verification failure
Technical Field
The invention relates to the technical field of computer terminal admission verification, in particular to a method and a device for judging the failure of computer terminal admission verification.
Background
For computer information security management of large enterprises, computer admission verification is a primary and necessary security verification mechanism.
At present, when many large enterprises connect computer terminals to their internal networks, network access verification is essentially based on three basic elements: AD (Active Directory) domain authentication, desktop security management registration, and anti-virus module integrity. In the normal case, a computer user first authenticates and logs in through a CA (Certificate Authority) and passes the first layer of verification by the AD domain management system; second, the terminal's desktop management system client registers and returns its online registration information; third, the anti-virus client on the computer terminal runs a self-check of the integrity of the anti-virus components; finally, an admission module performs domain name matching and desktop security management system process matching, and network resources are granted once all the information passes. There are several possible false positives for such a verification mechanism, including: (1) port access is not enabled, and a login with computer administrator privileges does not go through domain authentication; (2) the user logs in to the computer with cached login information and does not communicate normally with the domain management system for verification; (3) the client process of the desktop security management system is not started, so no registration information is obtained; (4) the anti-virus module has not been updated, and before the update its component verification serial number does not match the server side; (5) the anti-virus component has failed, cannot repair itself, and needs to be reinstalled.
All of the above fault types can cause the computer terminal to fail access verification for a short time or continuously. From the operation and maintenance manager's point of view, however, verification failures such as a brief abnormality in domain verification communication, a desktop security management system client that has not started, or an anti-virus component that has not been updated can be repaired automatically by the computer terminal after a restart or a re-verification within a short time, and no operation and maintenance personnel need to be assigned to the site for fault maintenance. For problems such as a failed anti-virus component or a failed desktop security management system client, second-line operation and maintenance personnel must be dispatched promptly to the site for fault maintenance. A computer terminal user, however, generally cannot distinguish which verification failures can be self-repaired and which require second-line operation and maintenance personnel on site; as soon as a verification failure occurs, the user telephones second-line operation and maintenance personnel to come to the site, which wastes labor cost and time cost and lowers working efficiency.
Disclosure of Invention
In view of this, the present invention provides a method and an apparatus for determining a computer terminal access verification failure, which can accurately determine whether a computer terminal access verification failure can be self-repaired, determine whether a second-line operation and maintenance worker must be assigned to arrive at a site for fault maintenance, and improve the work efficiency of the operation and maintenance worker.
In a first aspect, an embodiment of the present invention provides a method for determining an access verification failure of a computer terminal, where an AD domain management system, a desktop security management system, an anti-virus management system, and a shared server are deployed on a network server to which the computer terminal is accessed, and the method includes:
acquiring first log information of the AD domain management system, and generating a first log record table according to the first log information, wherein the first log record table comprises a first log feature code;
acquiring second log information of the desktop security management system, and generating a second log record table according to the second log information, wherein the second log record table comprises a second log feature code;
acquiring third log information of the anti-virus management system, and generating a third log record table according to the third log information, wherein the third log record table comprises a third log feature code;
integrating the first log record table, the second log record table and the third log record table and generating an admission verification check table;
and performing step-by-step matching verification on the first log feature code, the second log feature code and the third log feature code in the admission verification check table and preset fault feature code data stored in the shared server, and judging whether the fault type is a short-time fault or a field fault according to a matching verification result.
With reference to the first aspect, an embodiment of the present invention provides a first possible implementation manner of the first aspect, where the step of obtaining second log information of the desktop security management system includes:
decrypting a database log file of the desktop security management system;
storing the decrypted log file into a temporary table space, and acquiring the second log information from the temporary table space;
the step of obtaining the third log information of the antivirus management system includes:
decrypting the database log file of the anti-virus management system;
and storing the decrypted log file into a temporary table space, and acquiring the third log information from the temporary table space.
With reference to the first aspect, an embodiment of the present invention provides a second possible implementation manner of the first aspect, where the step of performing step-by-step matching verification on the first log feature code, the second log feature code, and the third log feature code in the admission verification check table and preset fault feature code data stored in the shared server, and determining whether the fault type is a short-time fault or a field fault according to a matching verification result includes:
matching and verifying the first log feature code and the preset fault feature code data, judging whether the first log feature code is a fault feature code, and if so, judging that the first log feature code is a field fault;
otherwise, matching and verifying the second log feature code and the preset fault feature code data, judging whether the second log feature code is a fault feature code, and if so, judging that the second log feature code is a field fault;
and if not, matching and verifying the third log feature code and the preset fault feature code data, judging whether the third log feature code is a fault feature code, if so, judging that the third log feature code is a field fault, otherwise, judging that the third log feature code is a short-time fault.
With reference to the first aspect or the second possible implementation manner of the first aspect, an embodiment of the present invention provides a third possible implementation manner of the first aspect, where the method further includes:
when the field fault is judged, initiating a work order distribution process;
and when the short-time fault is determined, initiating a service desk filing process.
With reference to the first aspect, an embodiment of the present invention provides a second possible implementation manner of the first aspect, where the first log record table, the second log record table, and the third log record table further include at least a login request time of a computer terminal, a user name, a computer name, and a login verification result.
With reference to the first aspect, an embodiment of the present invention provides a third possible implementation manner of the first aspect, where the first log record table, the second log record table, and the third log record table are generated once every preset time in a preset period, and the admission verification check table and the verification of the fault type are generated once correspondingly.
In a second aspect, an embodiment of the present invention further provides a device for determining an access verification failure of a computer terminal, where an AD domain management system, a desktop security management system, an anti-virus management system, and a file sharing server are deployed on a network server accessed by the computer terminal, and the device includes: the system comprises an AD domain management system timing script module, a desktop security management system timing script module, an anti-virus management system timing script module and a file sharing server timing script module;
the AD domain management system timing script module is used for acquiring first log information of the AD domain management system and generating a first log record table according to the first log information, wherein the first log record table comprises a first log feature code;
the desktop security management system timing script module is used for acquiring second log information of the desktop security management system and generating a second log record table according to the second log information, wherein the second log record table comprises a second log feature code;
the anti-virus management system timing script module is used for acquiring third log information of the anti-virus management system and generating a third log record table according to the third log information, wherein the third log record table comprises a third log feature code;
and the file sharing server timing script module is used for integrating the first log record table, the second log record table and the third log record table to generate an admission verification check table, performing step-by-step matching verification on the log feature codes in the admission verification check table and preset fault feature code data stored in the file sharing server, and judging whether the fault type is a short-time fault or a field fault according to a matching verification result.
With reference to the second aspect, an embodiment of the present invention provides a first possible implementation manner of the second aspect, where the first possible implementation manner further includes a first log decryption module and a second log decryption module;
the second log decryption module is used for decrypting a database log file of the desktop security management system and storing the decrypted log file into a temporary table space, wherein the decrypted log file is provided for the desktop security management system timing script module to be used for extracting second log information;
and the third log decryption module is used for decrypting the database log file of the anti-virus management system and storing the decrypted log file into a temporary table space, wherein the decrypted log file is provided for the anti-virus management system timing script module to be used for extracting third log information.
With reference to the second aspect, an embodiment of the present invention provides a second possible implementation manner of the second aspect, where the first log record table, the second log record table, and the third log record table further include at least a login request time of the computer terminal, a user name, a computer name, and a login verification result.
With reference to the second aspect, an embodiment of the present invention provides a third possible implementation manner of the second aspect, where the AD domain management system timing script module, the desktop security management system timing script module, and the anti-virus management system timing script module each perform table extraction once every preset time in a preset period and generate the corresponding first log record table, second log record table, and third log record table; and the file sharing server timing script module correspondingly generates the admission verification check table and verifies the fault type once every preset time in a preset period.
The embodiment of the invention has the following beneficial effects: according to the invention, the log information of the computer terminal in the AD domain management system, the desktop security management system and the anti-virus management system is extracted, three log record tables are respectively generated, each log record table comprises a corresponding log feature code, the three log record tables are used for generating the terminal access verification check table, and the corresponding log feature codes and the preset fault feature code data are subjected to step-by-step matching verification by a step-by-step log matching method, so that the accurate judgment on the specific reason of the access failure of the computer terminal is realized, the judgment on the fault type by operation and maintenance personnel is effectively helped, the operation and maintenance labor cost is reduced, the work efficiency of the operation and maintenance personnel is greatly improved, and the operation and maintenance quality is improved.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
In order to make the aforementioned and other objects, features and advantages of the present invention comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a flowchart of a method for determining an admission verification failure of a computer terminal according to an embodiment of the present invention;
Fig. 2 is a flowchart of step S200 of a method for determining an admission verification failure of a computer terminal according to an embodiment of the present invention;
Fig. 3 is a flowchart of step S300 of the method for determining an admission verification failure of a computer terminal according to an embodiment of the present invention;
Fig. 4 is a flowchart of step S500 of a method for determining an admission verification failure of a computer terminal according to an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of an apparatus for determining an admission verification failure of a computer terminal according to a second embodiment of the present invention.
Reference numerals:
101-AD domain management system timing script module; 102-AD domain management system; 201-desktop security management system timing script module; 202-desktop security management system; 203-first log decryption module; 301-anti-virus management module timing script module; 302-anti-virus management system; 303-second log decryption module; 401-file sharing server timing script module; 402-file sharing server.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is apparent that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
At present, a computer terminal user normally cannot distinguish which access verification failures can be self-repaired and which require a second-line operation and maintenance worker to come to the site.
Based on this, the method and the device for judging the access verification failure of the computer terminal provided by the embodiment of the invention use script tools to match and verify the log feature codes of the three elements (the AD domain management system, the desktop management system and the anti-virus management system) and produce a matching table. Service desk staff can query the matching table for the computer terminal that a user reports for repair and judge whether the repair request needs to be handled by dispatching second-line personnel to the site.
A computer terminal in this context refers to a computer terminal that accesses an enterprise internal network server. It should be noted that the AD domain management system is a regional computer and user policy management system deployed on the server; the desktop security management system is a regional computer desktop security management system deployed on a server; the anti-virus management system is an anti-virus security management system deployed on a server; and the file sharing server is also a file sharing server deployed on the server.
To facilitate understanding of the embodiment, a method for determining an admission verification failure of a computer terminal disclosed in the embodiment of the present invention is first described in detail.
Embodiment one:
Fig. 1 is a flowchart of a method for determining an admission verification failure of a computer terminal according to an embodiment of the present invention.
Referring to fig. 1, the method includes the steps of:
S100, acquiring first log information of the AD domain management system, where the first log information is the access and login data of computer terminals; classifying and recording the information according to a set format, generating a first log record table, and storing the first log information to a specified position. The first log information comprises the user name requesting AD domain login verification, the login time, the computer name, the login verification result and a first log feature code.
S200, acquiring second log information of the desktop security management system and generating a second log record table according to the second log information. The second log information is the registration and login log fed back by the client of the desktop security management system; the login request time, the user name, the computer name, the login verification result and the corresponding second log feature code in the log are classified, sorted and recorded to generate the second log record table, which is stored to a designated position.
Further, as shown in fig. 2, S200 includes:
S201, decrypting a database log file of the desktop security management system;
S202, storing the decrypted log file into a temporary table space, and acquiring the second log information from the temporary table space.
S300, acquiring third log information of the anti-virus management system and generating a third log record table according to the third log information. The third log information is the system log fed back with the checking result of the self-checking module of the anti-virus client component of the computer terminal; the login request time, the user name, the computer name, the self-checking result and the corresponding log feature code are recorded to generate the third log record table, which is stored to a specified position.
Further, as shown in fig. 3, S300 includes:
S301, decrypting the database log file of the anti-virus management system;
S302, storing the decrypted log file into a temporary table space, and acquiring the third log information from the temporary table space.
The execution order of steps S100 to S300 is not specifically limited; for example, the second log record table may be generated first, then the first log record table, and finally the third log record table. The three log record tables may also be extracted and generated simultaneously.
S400, integrating the first log record table, the second log record table and the third log record table according to set conditions and generating an admission verification check table;
S500, performing step-by-step matching verification on the first log feature code, the second log feature code and the third log feature code in the admission verification check table against preset fault feature code data stored in the shared server, and judging whether the fault type is a short-time fault or a field fault according to the matching verification result.
Further, as shown in fig. 4, step S500 includes:
S501, matching and verifying the first log feature code against the preset fault feature code data and judging whether the first log feature code is a fault feature code; if so, the fault is judged to be a field fault;
S502, otherwise, matching and verifying the second log feature code against the preset fault feature code data and judging whether the second log feature code is a fault feature code; if so, the fault is judged to be a field fault;
S503, otherwise, matching and verifying the third log feature code against the preset fault feature code data and judging whether the third log feature code is a fault feature code;
S504, if it is a fault feature code, the fault is judged to be a field fault; a field fault is a fault that cannot be repaired automatically;
S505, when a field fault is judged, the computer terminal that failed verification and cannot be repaired automatically is transferred to the operation and maintenance work order distribution process, that is, the work order distribution process is initiated;
S506, if it is not a fault feature code, the fault is judged to be a short-time fault; a short-time fault is a fault that can be repaired automatically;
S507, when a short-time fault is judged, a service desk filing process is initiated, to serve as the basis for a remote response to the user's fault consultation request.
The first log record table, the second log record table and the third log record table are each generated once every preset time in a preset period, and the admission verification check table and the verification of the fault type are correspondingly generated once.
It should be noted that the preset period may be set to 8:15 to 17:45 on weekdays, and the preset time may be 15 minutes. The preset time for generating the admission verification check table may be set slightly longer than the preset time for the three record tables; for example, the check table may be generated every 16 minutes. The 15 minutes refers to the computer access and login data from the 15 minutes before the current time, and the 16 minutes refers to the admission verification check table generated in the 16 minutes before the current time. The generated admission verification check table may be named "terminal admission verification check table at a certain day of the month". In addition, manual stop or manual start may be configured in a specific implementation, and the user can choose, according to actual conditions, whether the procedure runs automatically on the schedule or manually.
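The following Python example is added here and is not part of the patent: it runs S400 to S507 over three constructed log record tables for one 15-minute window. The feature code strings, the join on computer name, and the rule that terminals passing all three checks are skipped are assumptions; the page specifies none of them.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

SOURCES = ("AD domain", "desktop security", "anti-virus")  # order of S501-S503

# Constructed stand-in for the preset fault feature code data on the shared server.
PRESET_FAULT_CODES = {"AD-E-TRUST-BROKEN", "DSM-E-CLIENT-CORRUPT", "AV-E-COMPONENT-FAILED"}


@dataclass(frozen=True)
class LogRecord:
    request_time: datetime
    user: str
    computer: str
    result: str          # "pass" or "fail"
    feature_code: str


def in_window(records, now, minutes=15):
    """Keep only records from the `minutes` before `now` (the 15-minute window)."""
    start = now - timedelta(minutes=minutes)
    return [r for r in records if start <= r.request_time <= now]


def build_check_table(tables):
    """S400: merge the three record tables into one row per computer.

    Assumption: rows are joined on computer name and the newest record per
    source wins. A source with no record for a computer stays None.
    """
    check = {}
    for idx, table in enumerate(tables):
        for rec in sorted(table, key=lambda r: r.request_time):
            check.setdefault(rec.computer, [None, None, None])[idx] = rec
    return check


def classify(row, fault_codes=PRESET_FAULT_CODES):
    """S501-S506: test the feature codes in source order, stop at the first match."""
    for source, rec in zip(SOURCES, row):
        if rec is not None and rec.feature_code in fault_codes:
            return "field fault", source
    return "short-time fault", None


def triage(tables, now, minutes=15):
    """Run S400 and S500 for one period and pick the follow-up process (S505/S507)."""
    check = build_check_table([in_window(t, now, minutes) for t in tables])
    out = {}
    for computer, row in check.items():
        # Assumption: only terminals with a failed or missing check need triage.
        if all(r is not None and r.result == "pass" for r in row):
            continue
        fault, source = classify(row)
        process = "work order distribution" if fault == "field fault" else "service desk filing"
        out[computer] = (fault, source, process)
    return out


# ---- Constructed sample data (not real logs) ----
NOW = datetime(2018, 9, 10, 9, 0)


def make_record(mins_ago, user, computer, result, code):
    return LogRecord(NOW - timedelta(minutes=mins_ago), user, computer, result, code)


AD_TABLE = [
    make_record(5, "alice", "PC-001", "fail", "AD-W-CACHED-LOGON"),
    make_record(6, "bob", "PC-002", "pass", "AD-I-OK"),
    make_record(4, "carol", "PC-003", "pass", "AD-I-OK"),
    make_record(40, "dave", "PC-004", "fail", "AD-E-TRUST-BROKEN"),  # outside the window
    make_record(3, "erin", "PC-005", "pass", "AD-I-OK"),
]
DSM_TABLE = [
    # PC-001 has no row: its desktop security client never started.
    make_record(5, "bob", "PC-002", "pass", "DSM-I-OK"),
    make_record(3, "carol", "PC-003", "fail", "DSM-E-CLIENT-CORRUPT"),
    make_record(2, "erin", "PC-005", "pass", "DSM-I-OK"),
]
AV_TABLE = [
    make_record(4, "alice", "PC-001", "pass", "AV-I-OK"),
    make_record(4, "bob", "PC-002", "fail", "AV-E-COMPONENT-FAILED"),
    make_record(2, "carol", "PC-003", "fail", "AV-W-DEFS-OUTDATED"),
    make_record(1, "erin", "PC-005", "pass", "AV-I-OK"),
]

if __name__ == "__main__":
    for pc, verdict in sorted(triage((AD_TABLE, DSM_TABLE, AV_TABLE), NOW).items()):
        print(pc, *verdict)
```

PC-003 shows why the order of S501 to S503 matters for the record: its anti-virus code is never examined because the desktop security code already matched.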
Embodiment two:
Fig. 5 shows the apparatus for determining an access verification failure of a computer terminal. It should be noted that the AD domain management system 102, the desktop security management system 202, and the anti-virus management system 302 are installed on the computer terminal in the present invention, and the computer terminal is connected to a shared server 402. The device comprises: an AD domain management system timing script module 101, a desktop security management system timing script module 201, an anti-virus management system timing script module 301, a file sharing server timing script module 401, a first log decryption module 203 and a second log decryption module 303.
The AD domain management system timing script module 101 is configured to obtain first log information of the AD domain management system, and generate a first log record table according to the first log information, where the first log record table includes a first log feature code.
The desktop security management system timing script module 201 is configured to obtain second log information of the desktop security management system, and generate a second log record table according to the second log information, where the second log record table includes a second log feature code; the second log decryption module 203 is configured to decrypt a database log file of the desktop security management system, and store the decrypted log file in a temporary table space, where the decrypted log file is provided to the desktop security management system timing script module 201 to extract second log information.
The anti-virus management system timing script module 301 is configured to obtain third log information of the anti-virus management system, and generate a third log record table according to the third log information, where the third log record table includes a third log feature code. The third log decryption module 303 is configured to decrypt the database log file of the anti-virus management system, and store the decrypted log file in the temporary table space, where the decrypted log file is provided to the anti-virus management system timing script module 301 to extract third log information.
The file sharing server timing script module 401 is configured to integrate the first log record table, the second log record table, and the third log record table to generate an admission verification check table, match and verify the log feature codes in the admission verification check table step by step against the preset fault feature code data stored in the sharing server, and determine whether the fault type is a short-time fault or a field fault according to the matching verification result.
Further, the first log record table, the second log record table and the third log record table at least comprise a login request time of the computer terminal, a user name, a computer name and a login verification result.
Further, the AD domain management system timing script module 101, the desktop security management system timing script module 201, and the anti-virus management system timing script module 301 each perform a table extraction once every preset time within a preset period, and generate the corresponding first log record table, second log record table, and third log record table; the file sharing server timing script module 401 correspondingly generates the admission verification check table and verifies the fault type once every preset time within the preset period.
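The integration and step-by-step matching performed by module 401, written out as an added Python sketch (an illustration, not code from the patent). The feature code values, the "pass"/"fail" result values, the (computer name, user name) join key, the handling of a source with no record, and the restriction to terminals with a failed verification are all assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed values: the patent keeps the real fault feature codes on the file sharing server.
PRESET_FAULT_CODES = {"AD-LOCKED", "DSM-AGENT-MISSING", "AV-DEFS-EXPIRED"}
SOURCES = ("ad", "desktop", "antivirus")  # first, second, third log record table

@dataclass(frozen=True)
class LogRecord:
    time: datetime       # login request time
    user: str            # user name
    computer: str        # computer name
    result: str          # login verification result ("pass"/"fail" is an assumption)
    feature_code: str    # log feature code

def build_check_table(tables, now, window=timedelta(minutes=15)):
    """Integrate the three log record tables into one admission verification check table.

    Rows are keyed on (computer, user), an assumed join key. Only records from the
    window before `now` are used, and the newest record per source wins.
    """
    rows = {}
    for source in SOURCES:
        for rec in tables.get(source, []):
            if not (now - window <= rec.time <= now):
                continue
            row = rows.setdefault((rec.computer, rec.user), {})
            if source not in row or rec.time > row[source].time:
                row[source] = rec
    return rows

def classify(row):
    """Step-by-step matching: AD first, then desktop security, then anti-virus."""
    for source in SOURCES:
        rec = row.get(source)  # a source with no record counts as no match (assumption)
        if rec is not None and rec.feature_code in PRESET_FAULT_CODES:
            return "field", source
    return "short-time", None

def triage(tables, now):
    """Map (computer, user) to (fault type, matching source, follow-up process)."""
    out = {}
    for key, row in build_check_table(tables, now).items():
        if all(rec.result == "pass" for rec in row.values()):
            continue  # nothing failed for this terminal (assumed filter)
        kind, source = classify(row)
        process = "work order distribution" if kind == "field" else "service desk filing"
        out[key] = (kind, source, process)
    return out

# Constructed sample input: one scheduled run at 09:30 covering 09:15 to 09:30.
NOW = datetime(2018, 9, 7, 9, 30)
def _rec(hhmm, user, computer, result, code):
    return LogRecord(datetime(2018, 9, 7, *hhmm), user, computer, result, code)

SAMPLE_TABLES = {
    "ad": [
        _rec((9, 20), "alice", "PC-001", "fail", "AD-LOCKED"),
        _rec((9, 25), "bob", "PC-002", "fail", "AD-TIMEOUT"),
        _rec((9, 28), "carol", "PC-003", "fail", "AD-TIMEOUT"),
        _rec((9, 0), "dave", "PC-004", "fail", "AD-LOCKED"),  # outside the window
    ],
    "desktop": [
        _rec((9, 25), "bob", "PC-002", "fail", "DSM-AGENT-MISSING"),
        _rec((9, 28), "carol", "PC-003", "pass", "DSM-OK"),
    ],
    "antivirus": [_rec((9, 28), "carol", "PC-003", "pass", "AV-OK")],
}

if __name__ == "__main__":
    for key, verdict in triage(SAMPLE_TABLES, NOW).items():
        print(key, verdict)
```

Because the cascade stops at the first matching source, the returned source name shows which system's log decided the field-fault verdict, which is useful when reviewing why a work order was raised.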
The device provided by the embodiment of the present invention has the same implementation principle and technical effect as the method embodiments; for brevity, where the device embodiment does not mention something, reference may be made to the corresponding contents in the method embodiments.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the system and the apparatus described above may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The method for judging the access verification failure of the computer terminal provided by the embodiment of the invention has the same technical characteristics as the device for judging the access verification failure of the computer terminal provided by the embodiment, so that the same technical problems can be solved, and the same technical effect can be achieved.
In the description of the present invention, it should be noted that the terms "first", "second", and "third" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
The computer program product for performing the method for determining the admission verification failure of the computer terminal according to the embodiment of the present invention includes a computer-readable storage medium storing a non-volatile program code executable by a processor, where instructions included in the program code may be used to execute the method described in the foregoing method embodiment, and specific implementation may refer to the method embodiment, which is not described herein again.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system and method may be implemented in other ways. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one logical division, and there may be other divisions when actually implemented, and for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection of devices or units through some communication interfaces, and may be in an electrical, mechanical or other form.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a non-volatile computer-readable storage medium executable by a processor. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
Finally, it should be noted that the above-mentioned embodiments are only specific embodiments of the present invention, used to illustrate the technical solutions of the present invention and not to limit them, and the protection scope of the present invention is not limited thereto. Although the present invention is described in detail with reference to the foregoing embodiments, those skilled in the art should understand that any person skilled in the art can, within the technical scope of the present disclosure, still modify the technical solutions described in the foregoing embodiments, readily conceive of changes to them, or make equivalent substitutions for some of their technical features; such modifications, changes or substitutions do not depart from the spirit and scope of the embodiments of the present invention, and they should be construed as being included therein. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (9)

1. A method for judging the access verification failure of a computer terminal is characterized in that an AD domain management system, a desktop security management system, an anti-virus management system and a file sharing server are deployed on a network server accessed by the computer terminal, and the method comprises the following steps:
acquiring first log information of the AD domain management system, and generating a first log record table according to the first log information, wherein the first log record table comprises a first log feature code;
acquiring second log information of the desktop security management system, and generating a second log record table according to the second log information, wherein the second log record table comprises a second log feature code;
acquiring third log information of the anti-virus management system, and generating a third log record table according to the third log information, wherein the third log record table comprises a third log feature code;
integrating the first log record table, the second log record table and the third log record table and generating an admission verification check table;
matching and verifying the first log feature code, the second log feature code and the third log feature code in the admission verification check table with preset fault feature code data stored in the file sharing server step by step, and judging whether the fault type is a short-time fault or a field fault according to a matching and verifying result;
the step of matching and verifying the first log feature code, the second log feature code and the third log feature code in the admission verification check table with preset fault feature code data stored in the file sharing server step by step, and judging whether the fault type is a short-time fault or a field fault according to a matching and verifying result comprises the following steps:
matching and verifying the first log feature code and the preset fault feature code data, judging whether the first log feature code is a fault feature code, and if so, judging that the first log feature code is a field fault;
otherwise, matching and verifying the second log feature code and the preset fault feature code data, judging whether the second log feature code is a fault feature code, and if so, judging that the second log feature code is a field fault;
and if not, matching and verifying the third log feature code and the preset fault feature code data, judging whether the third log feature code is a fault feature code, if so, judging that the third log feature code is a field fault, otherwise, judging that the third log feature code is a short-time fault.
2. The method of claim 1, wherein the step of obtaining the second log information of the desktop security management system comprises:
decrypting a database log file of the desktop security management system;
storing the decrypted log file into a temporary table space, and acquiring the second log information from the temporary table space;
the step of obtaining the third log information of the antivirus management system includes:
decrypting the database log file of the anti-virus management system;
and storing the decrypted log file into a temporary table space, and acquiring the third log information from the temporary table space.
3. The method of claim 1, wherein the method further comprises:
when the field fault is judged, initiating a work order distribution process;
and when the short-time fault is determined, initiating a service desk filing process.
4. The method of claim 1, wherein the first log record table, the second log record table and the third log record table further comprise at least a login request time, a user name, a computer name and a login verification result of the computer terminal.
5. The method of claim 1, wherein the first log record table, the second log record table and the third log record table are generated once every preset time within a preset period, and the admission verification check table and the verification of the fault type are generated once correspondingly.
6. A device for judging computer terminal access verification failure, wherein an AD domain management system, a desktop security management system, an anti-virus management system and a file sharing server are deployed on a network server accessed by the computer terminal, characterized in that the device comprises: an AD domain management system timing script module, a desktop security management system timing script module, an anti-virus management system timing script module and a file sharing server timing script module;
the AD domain management system timing script module is used for acquiring first log information of the AD domain management system and generating a first log record table according to the first log information, wherein the first log record table comprises a first log feature code;
the desktop security management system timing script module is used for acquiring second log information of the desktop security management system and generating a second log record table according to the second log information, wherein the second log record table comprises a second log feature code;
the anti-virus management system timing script module is used for acquiring third log information of the anti-virus management system and generating a third log record table according to the third log information, wherein the third log record table comprises a third log feature code;
the file sharing server timing script module is used for integrating the first log record table, the second log record table and the third log record table to generate an admission verification check table, performing step-by-step matching verification on log feature codes in the admission verification check table and preset fault feature code data stored in the file sharing server, and judging whether the fault type is a short-time fault or a field fault according to a matching verification result;
wherein the file sharing server timing script module is configured to:
matching and verifying the first log feature code and the preset fault feature code data, judging whether the first log feature code is a fault feature code, and if so, judging that the first log feature code is a field fault;
otherwise, matching and verifying the second log feature code and the preset fault feature code data, judging whether the second log feature code is a fault feature code, and if so, judging that the second log feature code is a field fault;
and if not, matching and verifying the third log feature code and the preset fault feature code data, judging whether the third log feature code is a fault feature code, if so, judging that the third log feature code is a field fault, otherwise, judging that the third log feature code is a short-time fault.
7. The apparatus for determining the admission verification failure of a computer terminal according to claim 6, further comprising a first log decryption module and a second log decryption module;
the second log decryption module is used for decrypting a database log file of the desktop security management system and storing the decrypted log file into a temporary table space, wherein the decrypted log file is provided for the desktop security management system timing script module to be used for extracting second log information;
and the third log decryption module is used for decrypting the database log file of the anti-virus management system and storing the decrypted log file into a temporary table space, wherein the decrypted log file is provided for the anti-virus management system timing script module to be used for extracting third log information.
8. The apparatus of claim 6, wherein the first log record table, the second log record table and the third log record table further comprise at least a login request time, a user name, a computer name and a login verification result of the computer terminal.
9. The apparatus for determining the access verification failure of the computer terminal according to claim 6, wherein the AD domain management system timing script module, the desktop security management system timing script module, and the anti-virus management system timing script module each perform a table extraction once every preset time within a preset period and generate the corresponding first log record table, second log record table, and third log record table; and the file sharing server timing script module correspondingly generates the admission verification check table and verifies the fault type once every preset time within the preset period.
CN201811050181.3A 2018-09-07 2018-09-07 Method and device for judging computer terminal access verification failure Active CN109257213B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811050181.3A CN109257213B (en) 2018-09-07 2018-09-07 Method and device for judging computer terminal access verification failure

Publications (2)

Publication Number Publication Date
CN109257213A CN109257213A (en) 2019-01-22
CN109257213B true CN109257213B (en) 2021-06-29

Family

ID=65047155

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811050181.3A Active CN109257213B (en) 2018-09-07 2018-09-07 Method and device for judging computer terminal access verification failure

Country Status (1)

Country Link
CN (1) CN109257213B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110781143B (en) * 2019-11-05 2022-03-15 北纬通信科技南京有限责任公司 Method and device for querying and extracting server logs

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104618384A (en) * 2015-02-13 2015-05-13 成都中科合迅科技有限公司 Single authentication method based on AD (Access Device) server
CN104618313A (en) * 2013-11-05 2015-05-13 华为技术有限公司 System and method for security management
CN104734881A (en) * 2014-12-11 2015-06-24 天津中兴智联科技有限公司 Log and abnormity probe implementation method
CN104753887A (en) * 2013-12-31 2015-07-01 中国移动通信集团黑龙江有限公司 Safety control implementation method and system and cloud desktop system
CN105653444A (en) * 2015-12-23 2016-06-08 北京大学 Internet log data-based software defect failure recognition method and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant