CN110377481B - Log management method, device, equipment and storage medium - Google Patents
Log management method, device, equipment and storage medium Download PDFInfo
- Publication number
- CN110377481B CN110377481B CN201910539988.1A CN201910539988A CN110377481B CN 110377481 B CN110377481 B CN 110377481B CN 201910539988 A CN201910539988 A CN 201910539988A CN 110377481 B CN110377481 B CN 110377481B
- Authority
- CN
- China
- Prior art keywords
- log
- archiving
- archived
- filing
- rule
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/3065—Monitoring arrangements determined by the means or processing involved in reporting the monitored data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/069—Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Quality & Reliability (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Debugging And Monitoring (AREA)
Abstract
The invention relates to the technical field of log management, and provides a log management method, a device, equipment and a storage medium, wherein the method comprises the following steps: when an input instance name is received, acquiring a corresponding IP address and a log path based on the instance name; acquiring a corresponding log to be archived based on the IP address and the log path; determining the size of the log to be archived, and determining a corresponding archiving rule based on the size of the log to be archived; and archiving the log to be archived according to the archiving rule. According to the invention, the target log to be filed is obtained through the IP address and the log path, the filing rule is determined according to the size of the log to be filed, and the log to be filed is filed according to the filing rule, so that special script customization is not needed, and special personnel who know the script are not needed for processing, the intelligent management of the log is realized, and the filing speed and the filing simplicity of the log are improved.
Description
Technical Field
The present invention relates to the field of log management technologies, and in particular, to a log management method, apparatus, device, and computer-readable storage medium.
Background
Windows network operating devices are designed with various log files, such as application log, security log, device log, Scheduler service log, FTP (File Transfer Protocol) log, WWW (World Wide Web) log, DNS (Domain Name System) server log, etc., which are different according to the services turned on by your device. When we perform some operations on the device, these log files will usually record some relevant contents of our operations, which are quite useful for the security staff of the device. For example, if a person performs IPC (Inter-Process Communication) probing on a device, the device records an IP Address (Internet Protocol Address), time, and user name used by a prober in a security log, and records an IP, time, and user name used for probing in an FTP log after performing FTP probing.
The log in the computer is log data which can be valuable information treasury or worthless data puddle. To protect and improve network security, log data from various operating devices, applications, devices, and security products can help to discover and avoid disasters in advance and to find root causes of security events.
At present, the filing of the log is to upload the log document on a target server to a filing server for caching, when the log caching exceeds a limited time, the log is stored in a disk for filing, and the process can be realized only by a customized script.
Disclosure of Invention
The invention mainly aims to provide a log management method, a log management device, log management equipment and a computer readable storage medium, and aims to solve the technical problems that the conventional log filing management needs talent lines which know scripts and is inconvenient in time consumption.
In order to achieve the above object, the present invention provides a log management method, including the steps of:
when an input instance name is received, acquiring a corresponding IP address and a log path based on the instance name;
acquiring a corresponding log to be archived based on the IP address and the log path;
determining the size of the log to be archived, and determining a corresponding archiving rule based on the size of the log to be archived, wherein the size of the log to be archived is the size of the occupied memory;
And archiving the log to be archived according to the archiving rule.
Optionally, the step of archiving the log to be archived according to the archiving rule includes:
determining the log type of the log to be archived, and determining a corresponding archiving position of the log to be archived according to the log type;
and archiving the log to be archived to the archiving position according to the archiving rule.
Optionally, the step of archiving the log to be archived according to the archiving rule includes:
monitoring whether an archiving task corresponding to the log to be archived has an abnormal state or not, and if the archiving task has the abnormal state, determining a remedial strategy corresponding to the abnormal state;
and archiving the log to be archived according to the archiving rule and the remedial strategy.
Optionally, the monitoring whether an abnormal state occurs in the archiving task corresponding to the log to be archived, and if the abnormal state occurs in the archiving task, determining a remediation policy corresponding to the abnormal state includes:
and acquiring a filing status code corresponding to the log to be filed, and monitoring whether the filing task is in an abnormal state or not according to the filing status code.
If the archiving task is in an abnormal state, determining an abnormal type corresponding to the abnormal state according to the archiving state code;
and determining a remediation strategy corresponding to the abnormal type.
Optionally, when the input instance name is received, the step of obtaining the corresponding IP address and the log path based on the instance name includes:
when an input instance name is received, judging whether the instance name is valid;
if the instance name is valid, acquiring an archive link corresponding to the instance name;
and acquiring an IP address corresponding to the archive link and a log path corresponding to the archive link.
Optionally, after the step of archiving the log to be archived according to the archiving rule, the method further includes:
when an inquiry instruction of a history log is received, acquiring an inquiry IP address corresponding to the inquiry instruction;
acquiring and displaying an archive log corresponding to the query IP address;
and when a positioning keyword based on the archiving log is received, displaying the archiving log corresponding to the positioning keyword in a bright color.
The archiving rule comprises current limiting archiving, and the step of archiving the log to be archived according to the archiving rule comprises the following steps:
If the archiving rule is current-limiting archiving, sending the log to be archived to a cache queue corresponding to the log to be archived;
according to the size of a preset batch, dividing the logs to be archived to obtain at least two divided logs;
acquiring keywords contained in the segmentation logs, and giving different priorities to the segmentation logs based on the keywords;
and sequentially archiving the segmentation logs based on the cache queue and the priority.
In order to achieve the above object, the present invention also provides a log management apparatus, including:
the first acquisition module is used for acquiring a corresponding IP address and a log path based on an input instance name when the instance name is received;
the second acquisition module is used for acquiring a corresponding log to be archived based on the IP address and the log path;
the selecting module is used for determining the size of the log to be archived and determining a corresponding archiving rule based on the size of the log to be archived, wherein the size of the log to be archived is the size of the occupied memory;
and the filing module is used for filing the log to be filed according to the filing rule.
In addition, to achieve the above object, the present invention further provides a log management device, which includes a processor, a memory, and a log management program stored on the memory and executable by the processor, wherein the log management program, when executed by the processor, implements the steps of the log management method as described above.
In addition, to achieve the above object, the present invention also provides a computer readable storage medium, on which a log management program is stored, wherein the log management program, when executed by a processor, implements the steps of the log management method as described above.
The invention provides a log management method, when receiving an input instance name, acquiring a corresponding IP address and a log path based on the instance name; acquiring a corresponding log to be archived based on the IP address and the log path; determining the size of the log to be archived, and determining a corresponding archiving rule based on the size of the log to be archived; and archiving the log to be archived according to the archiving rule. According to the invention, the target log to be filed is obtained through the IP address and the log path, the filing rule is determined according to the size of the log to be filed, and the log to be filed is filed according to the filing rule, so that special script customization is not needed, and special personnel who know the script are not needed for processing, the intelligent management of the log is realized, and the filing speed and the filing simplicity of the log are improved.
Drawings
Fig. 1 is a schematic diagram of a hardware structure of a log management device according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating a log management method according to a first embodiment of the present invention;
fig. 3 is a functional block diagram of a log management apparatus according to a first embodiment of the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The log management method related to the embodiment of the invention is mainly applied to log management equipment, and the log management equipment can be equipment with display and processing functions, such as a PC (personal computer), a portable computer, a mobile terminal and the like.
Referring to fig. 1, fig. 1 is a schematic diagram of a hardware structure of a log management device according to an embodiment of the present invention. In this embodiment of the present invention, the log management device may include a processor 1001 (e.g., a CPU), a communication bus 1002, a user interface 1003, a network interface 1004, and a memory 1005. The communication bus 1002 is used for realizing connection communication among the components; the user interface 1003 may include a Display screen (Display), an input unit such as a Keyboard (Keyboard); the network interface 1004 may optionally include a standard wired interface, a wireless interface (e.g., WI-FI interface); the memory 1005 may be a high-speed RAM memory, or may be a non-volatile memory (e.g., a magnetic disk memory), and optionally, the memory 1005 may be a storage device independent of the processor 1001.
Those skilled in the art will appreciate that the hardware configuration shown in fig. 1 does not constitute a limitation of the log management device, and may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components.
With continued reference to FIG. 1, the memory 1005 of FIG. 1, which is one type of computer-readable storage medium, may include an operating system, a network communication module, and a log management program.
In fig. 1, the network communication module is mainly used for connecting a server and performing data communication with the server; and the processor 1001 may call a log management program stored in the memory 1005 and perform the log management method provided by the embodiment of the present invention.
The embodiment of the invention provides a log management method which can be applied to log management equipment, wherein the log management equipment is hereinafter referred to as management equipment.
Referring to fig. 2, fig. 2 is a flowchart illustrating a log management method according to a first embodiment of the present invention.
In this embodiment, the log management method includes the following steps:
step S10, when receiving the input instance name, based on the instance name, obtaining the corresponding IP address and the log path;
step S20, acquiring a corresponding log to be archived based on the IP address and the log path;
Step S30, determining the size of the log to be archived, and determining a corresponding archiving rule based on the size of the log to be archived, wherein the size of the log to be archived is the size of the occupied memory;
and step S40, archiving the log to be archived according to the archiving rule.
According to the method and the device, the log to be filed is obtained through the IP address and the log path, the filing rule is determined according to the size of the log to be filed, the log to be filed is filed according to the filing rule, a special script does not need to be customized, a special person who knows the script does not need to process the log, intelligent management of the log is achieved, and the filing speed and the filing simplicity degree of the log are improved.
The following will explain each step in detail:
step S10, when receiving the input instance name, acquiring a corresponding IP address and log path based on the instance name.
In this embodiment, when a user files a log of a certain server, the management system may obtain a corresponding IP address and a log path according to the received instance name by inputting the instance name on a display interface corresponding to the management system, where the instance name refers to a name given by the user to a host of each server, that is, the management device is connected to multiple servers, and the host of each server has the instance name given by the user. For example, when the user wants to obtain the log information corresponding to the server a, the user only needs to input the instance name a of the server a into the management system, and the management system obtains the IP address and the log path corresponding to the server a.
Further, step S10 includes:
step S11, when receiving the input instance name, judging whether the instance name is valid;
step S12, if the name is valid, acquiring an archive link corresponding to the instance name;
step S13, acquiring the IP address corresponding to the archive link and the log path corresponding to the archive link.
When an input instance name is received, an archive link corresponding to the instance name is obtained, and a corresponding IP address and a log path are obtained based on the archive link.
It can be understood that the management device is connected with a plurality of servers, and can manage each server, and when an event occurs in each server, each server records log information corresponding to the event, and the management device can create a database in advance, and is used for storing an instance name, an IP address and a log path input by a user on an operation interface corresponding to the management device, and associating the instance name, the IP address and the log path based on Structured Query Language (SQL) to generate an archive link. When the management system receives an input instance name, the archiving link corresponding to the instance name can be obtained, and the corresponding IP address and the log path are obtained based on the archiving link.
It can be understood that, when the input instance name is received, the method further includes verifying the instance name, and determining whether the instance name exists in the management system, that is, when the input instance name is received, determining whether the instance name is valid, if the management device manages the server a and the server B, if the management device manages the instance name C, because the management device does not exist C, the management device outputs an error prompt to prompt the user that the instance name does not exist.
And step S20, acquiring the corresponding log to be archived based on the IP address and the log path.
In this embodiment, the management device determines which location in which server is the log to be archived according to the IP address and the log path, specifically, determines the server corresponding to the IP address through the IP address, and in the server, determines the log at the corresponding location as the log to be archived through the log path.
It can be understood that there are various log information in the server, and the log information is cached at the corresponding position of the server, some log information is needed by the user, some log information is not needed by the user, therefore, the management system needs to determine the corresponding server through the IP address, and then in the server, the log information corresponding to the determined log path is the log to be archived, which is needed by the user.
If one IP address corresponding to the instance name exists and a plurality of log paths exist, namely a plurality of log paths corresponding to the IP address in the filing link exist, acquiring logs to be filed corresponding to the plurality of log paths from a server corresponding to the IP address; if there are multiple IP addresses corresponding to the instance name and one log path, that is, there are multiple IP addresses corresponding to the same log path in the archive link, obtaining the to-be-archived logs corresponding to the log path from the servers corresponding to the multiple IP addresses; if there are multiple IP addresses corresponding to the instance name and multiple log paths, that is, there are multiple log paths corresponding to multiple IP addresses in the archive link, then obtaining the logs to be archived corresponding to the multiple log paths from the servers corresponding to the multiple IP addresses.
Further, the process of obtaining the log to be archived further includes:
and determining whether a corresponding log to be archived exists in the target server or not based on the IP address and the log path, and if so, acquiring the log to be archived.
Before acquiring the log to be archived, the management equipment needs to judge whether the target server has the corresponding log to be archived, specifically, whether the IP address corresponding to the instance name has the corresponding server is judged, and if not, the instance name is determined to be invalid; if yes, further judging whether a log path corresponding to the instance name exists in the server, if not, determining that the target server does not have a corresponding log to be archived, and if yes, executing to acquire the log to be archived.
It can be understood that the servers managed by the management device are limited, the management device does not have the right to acquire the log information of the servers which are not under the jurisdiction of the management device, and the management system cannot acquire the corresponding logs to be archived for the servers which do not have the log paths corresponding to the instance names although under the jurisdiction of the management device. Only when the server under the control of the management system exists and the corresponding log path exists, the management system can acquire the corresponding log to be archived.
Step S30, determining the size of the log to be archived, and determining a corresponding archiving rule based on the size of the log to be archived, where the size of the log to be archived is the size of the memory occupied by the log to be archived.
In this embodiment, the size of the log to be archived is determined according to the obtained log to be archived, and the corresponding archiving rule is determined based on the size of the log to be archived, where the size of the log to be archived is the size of the memory occupied by the log to be archived.
Specifically, the size of the log to be archived is determined, the size of the log to be archived is compared with a preset threshold value, and if the size of the log to be archived is smaller than the preset threshold value, the corresponding archiving rule is determined to be directly archived; if the size of the log to be archived is equal to or larger than the preset threshold value, determining the corresponding archiving rule as current-limiting archiving, wherein the current-limiting archiving is specifically represented by adding the log to be archived into a cache queue, batch archiving of the log to be archived according to the cache queue, specifically presetting a batch size, dividing the log to be archived into a plurality of batches according to the batch size, and archiving the logs to be archived which are divided into the plurality of batches in sequence, so that the management equipment cannot crash due to excessive data write-in at one time.
And step S40, archiving the log to be archived according to the archiving rule.
In this embodiment, after the filing rule is determined, the log to be filed is filed according to the filing rule, specifically, the log to be filed is obtained by copying or cutting, and the log to be filed is filed according to the determined filing rule.
Further, when the archive rule is archive for current limit, step S40 includes:
if the archiving rule is current-limiting archiving, sending the log to be archived to a cache queue corresponding to the log to be archived;
in this step, if the filing rule is current-limited filing, that is, the size of the logs to be filed is equal to or greater than a preset threshold, and in order to avoid managing system crash caused by excessive data written once, the logs to be filed are first sent to the cache queue for segmentation processing, rather than being filed directly, it can be understood that there may be other logs to be filed while there is a current log to be filed in the cache queue, that is, the management device segments the logs to be filed after sending them to the cache queue, and queues up the segmented logs obtained by segmentation, so that the segmented logs can be filed sequentially in the following process.
According to the size of a preset batch, dividing the logs to be archived to obtain at least two divided logs;
in this step, the management device divides the log to be archived according to a preset batch size to obtain at least two divided logs, and if the size of the current log to be archived is 2G (Gigabyte, or hypoid), and the size of the preset batch is 1G, the management device divides the current log to be archived into two divided logs of 1G size.
Acquiring keywords contained in the segmentation logs, and giving different priorities to the segmentation logs based on the keywords;
in the step, the management device obtains keywords contained in each split log, and performs priority differentiation on the split logs according to the keywords, wherein the keywords may refer to attributes of the logs to be archived, and if the logs to be archived are safe logs, the corresponding keywords are safe; and when the log to be archived is a scheduling log, the corresponding keyword is scheduling and the like.
The method comprises the steps of classifying the importance degree of various logs in advance by Arabic numerals 1, 2 and 3, wherein the level 1 is the highest, the importance degree of various logs is sequentially reduced, if the priority of a safety log is 1, the scheduling day is 3, the device log is 2, and the like, and after the current log to be filed is segmented by a management device, the segmented log logs are given priority.
And sequentially archiving the segmentation logs based on the cache queue and the priority.
In the step, the management device sequentially archives the split logs according to the queuing condition of the cache queue and the determined priority from high to low until all the split logs are successfully archived, and at this time, the archiving of the logs to be archived is completed.
It should be noted that, during the sequential archiving process according to the priority, since there may be other logs to be archived in the cache queue, therefore, the priority of the split log is preferably set for the same to-be-archived log corresponding to the split log, such as the to-be-archived log G and the to-be-archived log H in the current cache queue, wherein the log G to be archived is divided into a division log f of priority 1 and a division log G of priority 2, and the log H to be archived is divided into a division log H of priority 5 and a division log i of priority 2, however, the log H to be archived is arranged before the log G to be archived in the cache queue, and therefore, the correct archiving order is the split log i, the split log H, the split log f and the split log G, that is, no matter how high the priority of the split log f is, the split log f is to be archived after the earlier journal H to be archived is completed.
Further, step S40 includes:
step S41, determining the log type of the log to be archived, and determining the corresponding archiving position of the log to be archived according to the log type.
After the log to be archived is obtained, the archive position of the log to be archived is determined by judging the log type of the log to be archived, wherein the log type comprises an application log, a safety log, a Scheduler service log, an FTP log, a WWW log, a DNS server log and the like, and the archive position of the log to be archived is determined by the management equipment according to the log type of the log to be archived.
Step S42, archiving the log to be archived to the archiving position according to the archiving rule.
After the reset position of the log to be archived is determined, the log to be archived is archived to the reset position according to the archiving rule. Namely, each log to be archived has a corresponding archive position corresponding to the log to be archived.
It should be noted that the archive position may also be determined by a log path in the archive link, and specifically, a corresponding archive path may be newly established in the management device according to the log path, and the obtained log to be archived is archived to the archive position corresponding to the archive path.
Furthermore, in the process of filing the log to be filed, a filing period can be preset, and the management device files the log to be filed at regular time according to the filing period.
In the embodiment, when an input instance name is received, a corresponding IP address and a log path are acquired based on the instance name; acquiring a corresponding log to be archived based on the IP address and the log path; determining the size of the log to be archived, and determining a corresponding archiving rule based on the size of the log to be archived; and archiving the log to be archived according to the archiving rule. According to the invention, the target log to be filed is obtained through the IP address and the log path, the filing rule is determined according to the size of the log to be filed, and the log to be filed is filed according to the filing rule, so that special script customization is not needed, special personnel who know the script are not needed for processing, system crash caused by writing too much data once is avoided, intelligent management of the log is realized, and the filing speed of the log, the simplicity degree of filing and the system stability of the management equipment are improved.
Further, a second embodiment of the log management method of the present invention is proposed based on the first embodiment. The second embodiment of the log management method is different from the first embodiment of the log management method in that step S40 includes:
Step S43, monitoring whether the filing task corresponding to the log to be filed is in an abnormal state;
step S44, if the filing task is in abnormal state, determining a remedial strategy corresponding to the abnormal state;
and step S45, archiving the log to be archived according to the archiving rule and the remedial strategy.
In the embodiment, in the process of filing the log to be filed, the management device correspondingly creates the filing task, when the situation that the filing task is abnormal is monitored, the corresponding remedial strategy is obtained, and the log to be filed is filed through the remedial strategy and the filing rule.
The respective steps will be described in detail below:
step S43, monitoring whether an archive task corresponding to the log to be archived has an abnormal state.
In this embodiment, when the management device files the log to be filed, a corresponding filing task is created, the filing condition of the log to be filed can be obtained in time through the filing task, and the management device monitors the progress of the filing task in real time and judges whether an abnormal state occurs.
Further, step S43 includes:
step a, acquiring an archiving state code corresponding to the log to be archived;
and b, monitoring whether the filing task is in an abnormal state or not according to the filing state code.
In the process of archiving the log to be archived by the management equipment, monitoring the archiving state of the archiving task in real time, wherein the specific monitoring mode can be that the obtained log to be archived is compared with an archived log corresponding to the log to be archived in the management equipment, if the size of the log to be archived is compared with the size of the archived log, and if the log to be archived is equal to the archived log, judging that the log to be archived is in a successful archiving state; if the log to be archived is smaller than the archived log, judging that the log to be archived is in an archiving state; on the basis, if the filed log is not increased within the preset time, the log to be filed is judged to be in a filing interruption state; if the connection between the management device and the server corresponding to the log to be archived is interrupted, it is determined that the log to be archived is in an archiving failure state, where the manner of determining whether the connection between the management device and the server corresponding to the log to be archived is interrupted may be: the management equipment sends a network survival detection packet to a server corresponding to the log to be archived at regular time so as to detect whether the connection between the server and the log is interrupted. Recording the archive state (including successful archive, in-archive, interruption of archive, failure of archive and the like) of the log and an archive state code (such as f _ log _ archive table) in a database in an associated manner, wherein if the archive _ code is 0, the archive success is represented; archive _ code is 1, indicating in the archive; archive _ code-1, representing an archive interruption; archive _ code is-2, indicating that the archiving failed.
The management equipment acquires the filing status code corresponding to the log to be filed and determines whether the filing task is abnormal or not according to the filing status code, wherein successful filing and normal filing are indicated in the filing process, and interruption and failure in the filing process are indicated in the abnormal filing task.
Step S44, if an abnormal state occurs in the archive task, determining a remediation policy corresponding to the abnormal state.
If the management device determines that the archiving task is abnormal, the corresponding remediation strategies are determined according to the abnormal states, and it can be understood that the remediation strategies corresponding to each abnormal state are preset in the management device.
Specifically, if an abnormality occurs in the filing process, such as shutdown of a server, a breakpoint, and the like, a corresponding remedial policy is adopted, if shutdown of the server occurs in the filing process, and when the server is restored, the management device can continue to file the to-be-filed log which is not filed previously.
The remedial strategy also comprises the steps of reacquiring and re-archiving the log to be archived, namely if the archiving fails in the archiving process, abandoning the archiving, deleting the archived log, reacquiring the log to be archived according to the IP address and the log path, and re-archiving the log to be archived.
Further, step S44 includes:
and c, if the archiving task is in an abnormal state, determining an abnormal type corresponding to the abnormal state according to the archiving state code.
In this embodiment, all abnormal states occurring in all archiving processes are divided into a plurality of abnormal types, and after determining that an abnormal state occurs in an archiving task, the management device determines a corresponding abnormal type according to an archiving state code, where as described above, the abnormal type may include archive _ code-1 and an archiving interruption; the archive _ code is-2, and the archive fails.
And d, determining a remediation strategy corresponding to the abnormal type.
According to the abnormal type, the management equipment adopts different remedial strategies, specifically, when the abnormal type is filing interruption, the interruption position of the currently filed log is marked and recorded, whether the transmission path is smooth or not is detected, specifically, whether the transmission path is smooth or not can be tested by sending a detection packet to a target server, when the transmission path is detected to be smooth, the position of the log to be filed, which is not filed, is positioned according to the mark, and the log to be filed, which is not filed, is continuously obtained and filed; and when the abnormal type is filing failure, deleting the filed part in the log to be filed, and acquiring the log to be filed again according to the IP address and the log path and filing.
Step S45, archiving the log to be archived according to the archiving rule and the remediation strategy;
after the remediation strategy is determined, the archiving log can be archived according to the archiving rule and the remediation strategy.
In the process of filing the log to be filed, the management equipment correspondingly establishes the filing task, acquires the corresponding remediation strategy when monitoring that the filing task is abnormal, and files the log to be filed through the remediation strategy and the filing rule, so that the intelligent management of the log is realized, and the filing success rate of the log is improved.
Further, a third embodiment of the log management method of the present invention is proposed based on the first embodiment and the second embodiment. The third embodiment of the log management method differs from the first and second embodiments of the log management method in that the method further comprises:
step S50, when receiving the inquiry instruction of the history log, acquiring the inquiry IP address corresponding to the inquiry instruction;
step S60, acquiring and displaying the filing log corresponding to the query IP address;
and step S70, when the positioning key word based on the filing log is received, displaying the filing log corresponding to the positioning key word in bright color.
In this embodiment, after the logs are archived, if a query instruction of the historical logs is received, the corresponding logs can be directly displayed on the display interface, and the logs that the user wants to find can be quickly located according to the keywords input by the user.
The respective steps will be described in detail below:
step S50, when receiving the query instruction of the history log, obtaining the query IP address corresponding to the query instruction.
In this embodiment, after the log to be archived is archived, if a user wants to check related log information, the corresponding IP address only needs to be input in the corresponding query interface, and when the management device receives a query instruction, the corresponding IP address can be acquired. It can be understood that, since the present solution introduces the concept of instance name, the user can view by inputting the instance name even if he does not know the IP address of the server that he wants to view in actual operation.
And step S60, acquiring and displaying the filing log corresponding to the query IP address.
In this embodiment, after determining the query IP address, the management device obtains and displays the corresponding archive log, and it can be understood that the archive log displayed at this time is all log information of the server corresponding to the query IP address.
Step S70, when receiving the positioning keyword based on the archive log, displaying the archive log corresponding to the positioning keyword in bright color.
In this embodiment, the management device further has a positioning function, and the user only needs to input a positioning keyword on the related display interface, and after receiving the positioning keyword, the management device can quickly position the corresponding filing log, and in addition, in order to facilitate the user to check, the positioned filing log is displayed in a bright color.
After the log is filed, if a query instruction of the historical log is received, the corresponding log can be directly displayed on the display interface, and the log which the user wants to find can be quickly positioned according to the keywords input by the user, so that the log can be quickly checked.
In addition, the embodiment of the invention also provides a log management device.
Referring to fig. 3, fig. 3 is a functional module diagram of the log management device according to the first embodiment of the present invention.
In this embodiment, the log management apparatus includes:
a first obtaining module 10, configured to, when an input instance name is received, obtain, based on the instance name, a corresponding IP address and a log path;
a second obtaining module 20, configured to obtain, based on the IP address and the log path, a corresponding log to be archived;
The selecting module 30 is configured to determine the size of the log to be archived, and determine a corresponding archiving rule based on the size of the log to be archived, where the size of the log to be archived is the size of the memory occupied by the log to be archived;
and the archiving module 40 is configured to archive the log to be archived according to the archiving rule.
Further, the archiving module 40 is further configured to:
determining the log type of the log to be archived, and determining a corresponding archiving position of the log to be archived according to the log type;
and archiving the log to be archived to the archiving position according to the archiving rule.
Further, the archiving module 40 is further configured to:
monitoring whether an archiving task corresponding to the log to be archived has an abnormal state or not, and if the archiving task has the abnormal state, determining a remedial strategy corresponding to the abnormal state;
and archiving the log to be archived according to the archiving rule and the remedial strategy.
Further, the archiving module 40 is further configured to:
acquiring a filing status code corresponding to the log to be filed, and monitoring whether the filing task is in an abnormal state or not according to the filing status code;
If the archiving task is in an abnormal state, determining an abnormal type corresponding to the abnormal state according to the archiving state code;
and determining a remediation strategy corresponding to the abnormal type.
Further, the first obtaining module 10 is further configured to:
when an input instance name is received, judging whether the instance name is valid;
if the instance name is valid, acquiring an archive link corresponding to the instance name;
and acquiring an IP address corresponding to the archive link and a log path corresponding to the archive link.
Further, the log management apparatus further includes:
the receiving module is used for acquiring a query IP address corresponding to a query instruction when the query instruction of the historical log is received;
the third acquisition module is used for acquiring and displaying the filing log corresponding to the query IP address;
and the positioning module is used for displaying the filing log corresponding to the positioning keyword in bright color when the positioning keyword based on the filing log is received.
Further, the archive rule includes a current limit archive, and the archive module 40 is further configured to:
if the archiving rule is current-limiting archiving, sending the log to be archived to a cache queue corresponding to the log to be archived;
According to the size of a preset batch, dividing the logs to be archived to obtain at least two divided logs;
acquiring keywords contained in the segmentation logs, and giving different priorities to the segmentation logs based on the keywords;
and sequentially archiving the segmentation logs based on the cache queue and the priority.
Each module and unit in the log management device correspond to each step in the log management method embodiment, and the functions and implementation processes thereof are not described in detail herein.
In addition, the embodiment of the invention also provides a computer readable storage medium.
The computer readable storage medium of the present invention stores a log management program, wherein the log management program, when executed by a processor, implements the steps of the log management method as described above.
The method for implementing the log management program when executed may refer to various embodiments of the log management method of the present invention, which are not described herein again.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are only for description, and do not represent the advantages and disadvantages of the embodiments.
Through the description of the foregoing embodiments, it is clear to those skilled in the art that the method of the foregoing embodiments may be implemented by software plus a necessary general hardware platform, and certainly may also be implemented by hardware, but in many cases, the former is a better implementation. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) as described above and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.
Claims (9)
1. A log management method, characterized in that the log management method comprises the steps of:
when an input instance name is received, acquiring a corresponding internet protocol address (IP) address and a log path based on the instance name;
acquiring a corresponding log to be archived based on the IP address and the log path;
determining the size of the log to be archived, and determining a corresponding archiving rule based on the size of the log to be archived, wherein the size of the log to be archived is the size of the occupied memory;
archiving the log to be archived according to the archiving rule;
the step of archiving the log to be archived according to the archiving rule comprises the following steps:
monitoring whether an archiving task corresponding to the log to be archived has an abnormal state or not, and if the archiving task has the abnormal state, determining a remedial strategy corresponding to the abnormal state;
and archiving the log to be archived according to the archiving rule and the remedial strategy.
2. The log management method of claim 1, wherein the archiving the log to be archived according to the archiving rule comprises:
Determining the log type of the log to be archived, and determining a corresponding archiving position of the log to be archived according to the log type;
and archiving the log to be archived to the archiving position according to the archiving rule.
3. The log management method according to claim 1, wherein the step of monitoring whether an archive task corresponding to the log to be archived is in an abnormal state, and if the archive task is in the abnormal state, determining a remediation policy corresponding to the abnormal state comprises:
acquiring a filing status code corresponding to the log to be filed, and monitoring whether the filing task is in an abnormal state or not according to the filing status code;
if the archiving task is in an abnormal state, determining an abnormal type corresponding to the abnormal state according to the archiving state code;
and determining a remedial strategy corresponding to the abnormal type.
4. The log management method of claim 1, wherein the step of acquiring, when an input instance name is received, a corresponding IP address and log path based on the instance name comprises:
when an input instance name is received, judging whether the instance name is valid;
If the instance name is valid, acquiring an archiving link corresponding to the instance name;
and acquiring the IP address corresponding to the filing link and the log path corresponding to the filing link.
5. The log management method of any one of claims 1 to 4, wherein after the step of archiving the log to be archived according to the archiving rule, the method further comprises:
when a query instruction of a historical log is received, acquiring a query IP address corresponding to the query instruction;
acquiring and displaying an archiving log corresponding to the query IP address;
and when a positioning keyword based on the archiving log is received, displaying the archiving log corresponding to the positioning keyword in a bright color.
6. The log management method of claim 1, wherein the archiving rule comprises a current-limited archiving, and the step of archiving the log to be archived according to the archiving rule comprises:
if the archiving rule is current-limiting archiving, sending the log to be archived to a cache queue corresponding to the log to be archived;
dividing the logs to be archived according to the size of a preset batch to obtain at least two divided logs;
Acquiring keywords contained in the segmentation logs, and giving different priorities to the segmentation logs based on the keywords;
and sequentially archiving the segmentation logs based on the cache queue and the priority.
7. A log management apparatus, characterized in that the log management apparatus comprises:
the first acquisition module is used for acquiring a corresponding IP address and a log path based on an input instance name when the instance name is received;
the second acquisition module is used for acquiring a corresponding log to be archived based on the IP address and the log path;
the selecting module is used for determining the size of the log to be archived and determining a corresponding archiving rule based on the size of the log to be archived, wherein the size of the log to be archived is the size of the occupied memory;
the filing module is used for filing the log to be filed according to the filing rule;
the filing module comprises:
the remedial strategy determining unit is used for monitoring whether an archiving task corresponding to the log to be archived has an abnormal state or not, and if the archiving task has the abnormal state, determining a remedial strategy corresponding to the abnormal state;
And the archiving unit is used for archiving the log to be archived according to the archiving rule and the remediation strategy.
8. A log management device, characterized in that the log management device comprises a processor, a memory, and a log management program stored on the memory and executable by the processor, wherein the log management program, when executed by the processor, implements the steps of the log management method according to any one of claims 1 to 6.
9. A computer-readable storage medium, having a log management program stored thereon, wherein the log management program, when executed by a processor, implements the steps of the log management method of any one of claims 1 to 6.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910539988.1A CN110377481B (en) | 2019-06-19 | 2019-06-19 | Log management method, device, equipment and storage medium |
| PCT/CN2019/122073 WO2020253125A1 (en) | 2019-06-19 | 2019-11-29 | Log management method, apparatus, and device, and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910539988.1A CN110377481B (en) | 2019-06-19 | 2019-06-19 | Log management method, device, equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110377481A CN110377481A (en) | 2019-10-25 |
| CN110377481B true CN110377481B (en) | 2022-06-28 |
Family
ID=68250489
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910539988.1A Active CN110377481B (en) | 2019-06-19 | 2019-06-19 | Log management method, device, equipment and storage medium |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN110377481B (en) |
| WO (1) | WO2020253125A1 (en) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110377481B (en) * | 2019-06-19 | 2022-06-28 | 深圳壹账通智能科技有限公司 | Log management method, device, equipment and storage medium |
| CN110990335B (en) * | 2019-12-06 | 2023-07-18 | 深圳前海微众银行股份有限公司 | Log archiving method, device, equipment and computer readable storage medium |
| CN113656358A (en) * | 2020-05-12 | 2021-11-16 | 网联清算有限公司 | Database log file processing method and system |
| CN112463571A (en) * | 2020-12-17 | 2021-03-09 | 未来电视有限公司 | Log processing method, device and equipment |
| CN113238913B (en) * | 2021-05-12 | 2023-10-24 | 康键信息技术(深圳)有限公司 | Intelligent pushing method, device, equipment and storage medium for server faults |
| CN115827678B (en) * | 2023-02-15 | 2023-05-23 | 零犀(北京)科技有限公司 | Method, device, medium and electronic equipment for acquiring service data |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105577445A (en) * | 2015-12-30 | 2016-05-11 | 北京京东尚科信息技术有限公司 | Method and device for collecting and reporting logs |
| CN107092552A (en) * | 2017-03-10 | 2017-08-25 | 武汉斗鱼网络科技有限公司 | A kind of blog management method and device |
| CN107342888A (en) * | 2016-12-02 | 2017-11-10 | 杭州迪普科技股份有限公司 | The storage method and device of daily record message |
| CN107426023A (en) * | 2017-07-21 | 2017-12-01 | 携程旅游信息技术(上海)有限公司 | Cloud platform log collection and retransmission method, system, equipment and storage medium |
| CN108989471A (en) * | 2018-09-05 | 2018-12-11 | 郑州云海信息技术有限公司 | The management method and device of log in network system |
Family Cites Families (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8880478B2 (en) * | 2006-12-28 | 2014-11-04 | International Business Machines Corporation | Scan-free archiving |
| US8549239B2 (en) * | 2007-06-20 | 2013-10-01 | Hewlett-Packard Development Company, L.P. | Network message logging and archival |
| CN105005528B (en) * | 2015-06-26 | 2018-07-24 | 浪潮(北京)电子信息产业有限公司 | A kind of log information extracting method and device |
| CN107870842B (en) * | 2016-09-28 | 2021-05-04 | 平安科技(深圳)有限公司 | Log management method and system |
| CN107451034A (en) * | 2017-08-17 | 2017-12-08 | 浪潮软件股份有限公司 | A kind of big data cluster log management apparatus, method and system |
| CN107819616A (en) * | 2017-10-30 | 2018-03-20 | 杭州安恒信息技术有限公司 | Automatically extract the method, apparatus and system of daily record |
| CN110377481B (en) * | 2019-06-19 | 2022-06-28 | 深圳壹账通智能科技有限公司 | Log management method, device, equipment and storage medium |
-
2019
- 2019-06-19 CN CN201910539988.1A patent/CN110377481B/en active Active
- 2019-11-29 WO PCT/CN2019/122073 patent/WO2020253125A1/en active Application Filing
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105577445A (en) * | 2015-12-30 | 2016-05-11 | 北京京东尚科信息技术有限公司 | Method and device for collecting and reporting logs |
| CN107342888A (en) * | 2016-12-02 | 2017-11-10 | 杭州迪普科技股份有限公司 | The storage method and device of daily record message |
| CN107092552A (en) * | 2017-03-10 | 2017-08-25 | 武汉斗鱼网络科技有限公司 | A kind of blog management method and device |
| CN107426023A (en) * | 2017-07-21 | 2017-12-01 | 携程旅游信息技术(上海)有限公司 | Cloud platform log collection and retransmission method, system, equipment and storage medium |
| CN108989471A (en) * | 2018-09-05 | 2018-12-11 | 郑州云海信息技术有限公司 | The management method and device of log in network system |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2020253125A1 (en) | 2020-12-24 |
| CN110377481A (en) | 2019-10-25 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110377481B (en) | Log management method, device, equipment and storage medium | |
| CN105357038B (en) | Monitor the method and system of cluster virtual machine | |
| KR950010833B1 (en) | Automated enrollement of a computer system into a service network of computer systems | |
| JP6396887B2 (en) | System, method, apparatus, and non-transitory computer readable storage medium for providing mobile device support services | |
| US7664986B2 (en) | System and method for determining fault isolation in an enterprise computing system | |
| US8352867B2 (en) | Predictive monitoring dashboard | |
| EP2176775B1 (en) | Automatically managing system downtime in a computer network | |
| US6418469B1 (en) | Managing conditions in a network | |
| US7788540B2 (en) | Tracking down elusive intermittent failures | |
| US11044144B2 (en) | Self-monitoring | |
| US6832236B1 (en) | Method and system for implementing automatic filesystem growth monitor for production UNIX computer system | |
| CA3118098A1 (en) | Alerting, diagnosing, and transmitting computer issues to a technical resource in response to a dedicated physical button or trigger | |
| US11777949B2 (en) | Dynamic user access control management | |
| KR20040091392A (en) | Method and system for backup management of remote using the web | |
| JP2006260343A (en) | Program for checking link cut | |
| JP2003233512A (en) | Client monitoring system with maintenance function, monitoring server, program, and client monitoring/ maintaining method | |
| JP4679536B2 (en) | Failure occurrence prediction system | |
| JP6865042B2 (en) | Knowledge management equipment, knowledge management methods and computer programs | |
| CN110231921B (en) | Log printing method, device, equipment and computer readable storage medium | |
| CN116980186A (en) | Abnormality determination method and device, electronic equipment and storage medium | |
| US20060123107A1 (en) | Web link management systems and methods | |
| US11544166B1 (en) | Data recovery validation test | |
| KR950010834B1 (en) | Flexible service network for computer systems | |
| KR950010835B1 (en) | Problem prevention on a computer system in a service network of computer systems | |
| KR950010832B1 (en) | Tracking the resolution of a problem on a computer system in a service network of computer system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |