CN111262728A - Flow load monitoring system based on log port flow - Google Patents
Flow load monitoring system based on log port flow Download PDFInfo
- Publication number
- CN111262728A CN111262728A CN202010019520.2A CN202010019520A CN111262728A CN 111262728 A CN111262728 A CN 111262728A CN 202010019520 A CN202010019520 A CN 202010019520A CN 111262728 A CN111262728 A CN 111262728A
- Authority
- CN
- China
- Prior art keywords
- flow
- data
- port
- algorithm
- load
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000012544 monitoring process Methods 0.000 title claims abstract description 30
- 238000004422 calculation algorithm Methods 0.000 claims abstract description 46
- 238000005206 flow analysis Methods 0.000 claims abstract description 5
- 238000000611 regression analysis Methods 0.000 claims description 15
- 238000012549 training Methods 0.000 claims description 14
- 238000012360 testing method Methods 0.000 claims description 4
- 238000004364 calculation method Methods 0.000 claims description 3
- 230000005540 biological transmission Effects 0.000 abstract description 6
- 238000007619 statistical method Methods 0.000 abstract description 4
- 238000007726 management method Methods 0.000 description 10
- 238000000034 method Methods 0.000 description 9
- 238000004458 analytical method Methods 0.000 description 7
- 238000012545 processing Methods 0.000 description 6
- 230000001419 dependent effect Effects 0.000 description 5
- 238000010586 diagram Methods 0.000 description 5
- 230000006870 function Effects 0.000 description 3
- 238000012417 linear regression Methods 0.000 description 3
- 230000004931 aggregating effect Effects 0.000 description 2
- 238000013500 data storage Methods 0.000 description 2
- 238000005065 mining Methods 0.000 description 2
- 230000001105 regulatory effect Effects 0.000 description 2
- 238000011160 research Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 230000002708 enhancing effect Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/02—Standardisation; Integration
- H04L41/0213—Standardised network management protocols, e.g. simple network management protocol [SNMP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/04—Network management architectures or arrangements
- H04L41/044—Network management architectures or arrangements comprising hierarchical management structures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/0631—Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/0677—Localisation of faults
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/069—Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0803—Configuration setting
- H04L41/0823—Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
- H04L41/145—Network analysis or design involving simulating, designing, planning or modelling of a network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
- H04L41/147—Network analysis or design for predicting network behaviour
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
- H04L67/025—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1001—Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
- H04L67/1004—Server selection for load balancing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/2866—Architectures; Arrangements
- H04L67/30—Profiles
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a flow load monitoring system based on log port flow, which comprises the following steps: step one, constructing an optimal flow load algorithm, and nesting and storing the optimal flow load algorithm in a system; acquiring system logs and port flow data information in a system; thirdly, according to the data information obtained in the second step, combining with an optimal flow load algorithm stored in the system, and constructing a system load flow analysis result; and step four, predicting a future flow load prediction graph by analyzing the numerical values output in the step two and the step three. The invention finds a stable and credible statistical method of the interface flow of the network transmission layer by digging the relation between the running state information of the low-level network protocol and the port flow of the application layer, realizes intelligent monitoring and alarming of the flow of the application system, and can effectively solve the problem that the flow load of the current application system is not monitored.
Description
Technical Field
The invention relates to the field of data monitoring, in particular to an application system based on log port flow and a flow load monitoring system.
Background
The method relates to information network fault tracing and traffic system flow load monitoring, and the key and difficulty of the method comprise two aspects: on one hand, there is a deep association between network failures, for example, the high CPU utilization of a network device may cause packet loss and further cause poor link transmission quality, how to obtain a real failure from different information and state representations, and the source of a positioned failure needs to be identified from the aspects of alarm time, device upper and lower relation, network monitoring path, etc. on the basis of enhancing monitoring, which is one of the key difficulties of the project;
on the other hand, the load of the application system is not available with direct means and needs to be obtained indirectly through the information network devices on which it depends. The connection level and the association of the information network are very complex, and the role analysis is performed to cover devices of each TCP/IP layer, such as a switch of a link layer, a router of a network layer, a firewall from a transmission layer to an application layer, load balancing devices and the like. The difficulty and key point of the invention is how to comprehensively analyze and integrate the records of network messages of different network devices in different forms to form stable and credible application system flow load.
Disclosure of Invention
The invention aims to provide a flow load monitoring system based on the flow of a log port, which can timely, comprehensively and accurately know the running states of the current network and a service system, and ensure that a network management system can timely and efficiently acquire, analyze and early warn data; carrying out cloud architecture technical research on acquisition, message processing, data storage and deployment modes of the system, and realizing flexible expansion and efficient and stable operation of a network management system; and finally, the traffic load monitoring of the information network application system is realized, and the monitoring coverage level of the key nodes of the information network is improved.
In order to achieve the above object, the present invention provides a traffic load monitoring system based on log port traffic, comprising the following steps:
step one, constructing an optimal flow load algorithm, and nesting and storing the optimal flow load algorithm in a system;
acquiring system logs and port flow data information in a system;
thirdly, according to the data information obtained in the second step, combining with an optimal flow load algorithm stored in the system, and constructing a system load flow analysis result;
and step four, predicting a future flow load prediction graph by analyzing the numerical values output in the step two and the step three.
The system log is information for recording hardware, software and system problems in the system, and can also monitor events occurring in the system. Through which the user can check the cause of the error or look for traces left by the attacker when under attack. The system log includes a system log, an application log, and a security log.
In a preferred embodiment of the present invention, the system log is collected by using flash monitoring, and the port traffic is obtained by collecting physical port traffic information of a switch or a router connected to a host of an application system through a snmp protocol.
The flash is a high-availability, high-reliability and distributed system for acquiring, aggregating and transmitting mass logs provided by Cloudera, supports customizing various data senders in a log system for collecting data, and simultaneously provides the capability of simply processing the data and writing the data to various data receivers (customizable).
The Simple Network Management Protocol (SNMP) is composed of a set of network management standards including an application layer protocol (application layer protocol), a database model (database schema) and a set of data objects. The protocol can support a network management system to monitor devices connected to the network for any regulatory concerns.
In a preferred embodiment of the present invention, the input data in the algorithm for constructing the optimal traffic load in step one includes, but is not limited to, data that is traffic TCP table data, log table data, and port table data, and mainly includes the following fields: tcp connection number, log line number, input byte number, output byte number, model ID, round number, time.
The model has no great requirement on the data volume in practical application. That is, the uplink traffic prediction model and the downlink traffic prediction model do not have strict requirements on the data volume in the actual application.
In a preferred embodiment of the present invention, the step one of constructing the optimal traffic load algorithm includes the following two stages: and (3) constructing a model training algorithm and a model application algorithm, respectively training optimal models of uplink flow prediction and downlink flow prediction by using historical data through a polynomial regression analysis algorithm, and storing the optimal models.
The biggest advantage of polynomial regression is that the real measuring points can be approximated by adding high-order terms of the independent variable until the condition is satisfied. In fact, polynomial regression can deal with a considerable class of non-linear problems, which plays an important role in regression analysis, since any function can be approximated piecewise with a polynomial. Therefore, in a general practical problem, regardless of the relationship of the dependent variable to other independent variables, we can always use polynomial regression for analysis.
Normally, polynomial regression analysis can be converted to multiple linear regression analysis for processing.
In a preferred embodiment of the present invention, the configuration file in the training algorithm for building the model includes three modules of [ degree ], [ date ], [ hbase ]:
[ degree ] is mainly used for setting the highest power of the model in polynomial regression analysis, the higher the power, the larger the calculation memory, the higher the requirement on the server, and certainly the more possible to find the optimal power;
[ date ] is mainly used for configuring the time when data reading is started when the Hbase database data is read, and the upper limit of data quantity acquisition is what;
[ Hbase ] is mainly configured with address port information of Hbase database storing traffic TCP table data, log table data, and port table data.
In a preferred embodiment of the present invention, the configuration file of the model application algorithm includes three modules of [ date ], [ database ], [ hbase ]:
[ date ] is mainly used for configuring the time when data reading is started when the Hbase database data is read, and the upper limit of data quantity acquisition is what;
database is mainly used for configuring relevant information such as oracle database address port and the like when result data predicted by a flow load model is written into an oracle data table;
[ Hbase ] is mainly address port information of Hbase database configuring flow TCP table data, log table data, and port table data.
In a preferred embodiment of the present invention, in a bearable range of a server and an algorithm, a larger data size is selected when an optimal traffic load algorithm is constructed, and meanwhile, the division ratio of a test set and a training set needs to be debugged.
By adopting the method, the optimal training model can be obtained, the highest interpretation capability on the test set data is ensured, and the optimal power model can be automatically stored as the application model by the algorithm
Compared with the prior art, the invention has the beneficial effects that:
by mining the relation between the running state information of the low-level network protocol and the port flow of the application layer, a stable and credible statistical method of the interface flow of the network transmission layer is found, the intelligent monitoring and alarming of the flow of the application system are realized, and the problem that the flow load of the current application system is not monitored can be effectively solved.
Drawings
FIG. 1 is a flow chart of the present invention for training and storing an optimal model.
FIG. 2 is a flow chart of the model application of the present invention to obtain predicted values.
FIG. 3 is a diagram of log information of an application system according to the present invention.
FIG. 4 is a TCP message diagram of the application system of the present invention.
FIG. 5 is a diagram of port traffic information of an application system according to the present invention.
Fig. 6 is a diagram illustrating the result of analyzing the load flow of the application system according to the present invention.
Fig. 7 is a diagram illustrating traffic load prediction of an application system according to the present invention.
Detailed Description
The present invention is described in detail with reference to the embodiments shown in the drawings, but it should be understood that these embodiments are not intended to limit the present invention, and those skilled in the art should understand that functional, methodological, or structural equivalents or substitutions made by these embodiments are within the scope of the present invention.
The flow load monitoring system based on the log port flow comprises the following steps: step one, constructing an optimal flow load algorithm, and nesting and storing the optimal flow load algorithm in a system;
acquiring system logs and port flow data information in a system;
thirdly, according to the data information obtained in the second step, combining with an optimal flow load algorithm stored in the system, and constructing a system load flow analysis result;
and step four, predicting a future flow load prediction graph by analyzing the numerical values output in the step two and the step three.
The algorithm of the flow load algorithm mainly uses a polynomial regression analysis algorithm. A Regression analysis method that studies polynomials between a dependent variable and one or more independent variables is called Polynomial Regression. If the independent variable is only one, the method is called univariate polynomial regression; if there are more than one independent variable, it is called multivariate polynomial regression. In regression analysis, if the dependent variable and independent variable relationship is non-linear, but no suitable functional curve can be found for fitting, then polynomial regression can be used for fitting. The biggest advantage of polynomial regression is that the real measuring points can be approximated by adding high-order terms of the independent variable until the condition is satisfied. In fact, polynomial regression can deal with a considerable class of non-linear problems, which plays an important role in regression analysis, since any function can be approximated piecewise with a polynomial. Therefore, in a general practical problem, regardless of the relationship of the dependent variable to other independent variables, we can always use polynomial regression for analysis. Normally, polynomial regression analysis can be converted to multiple linear regression analysis for processing.
The invention can timely, comprehensively and accurately know the running states of the current network and the service system, and ensure that a network management system can timely and efficiently acquire, analyze and early warn data; carrying out cloud architecture technical research on acquisition, message processing, data storage and deployment modes of the system, and realizing flexible expansion and efficient and stable operation of a network management system; and finally, the traffic load monitoring of the information network application system is realized, and the monitoring coverage level of the key nodes of the information network is improved.
Example 1:
referring to fig. 1 and fig. 2, in this embodiment, a traffic load monitoring system based on log port traffic includes the following steps: step one, constructing an optimal flow load algorithm, and nesting and storing the optimal flow load algorithm in a system; acquiring system logs and port flow data information in a system; thirdly, according to the data information obtained in the second step, combining with an optimal flow load algorithm stored in the system, and constructing a system load flow analysis result; and step four, predicting a future flow load prediction graph by analyzing the numerical values output in the step two and the step three.
The system log is information for recording hardware, software and system problems in the system, and can also monitor events occurring in the system. Through which the user can check the cause of the error or look for traces left by the attacker when under attack. The system log includes a system log, an application log, and a security log.
The system logs are monitored and collected by using flash, and port traffic is obtained by collecting physical port traffic information of a switch or a router connected with a host of an application system through a snmp protocol.
The flash is a high-availability, high-reliability and distributed system for acquiring, aggregating and transmitting mass logs provided by Cloudera, and supports various data senders customized in the log system for collecting data; at the same time, flash provides the ability to simply process data and write to various data recipients (customizable). The Simple Network Management Protocol (SNMP) is composed of a set of network management standards including an application layer protocol (application layer protocol), a database model (database schema) and a set of data objects. The protocol can support a network management system to monitor devices connected to the network for any regulatory concerns.
Further, the input data in the optimal traffic load algorithm constructed in the first step include, but are not limited to, data of a traffic TCP table, data of a log table, and data of a port table, and mainly include the following fields: tcp connection number, log line number, input byte number, output byte number, model ID, round number, time.
The model has no great requirement on the data volume in practical application. That is, the uplink traffic prediction model and the downlink traffic prediction model do not have strict requirements on the data volume in the actual application.
The method for constructing the optimal flow load algorithm in the first step comprises the following two stages: and (3) constructing a model training algorithm and a model application algorithm, respectively training optimal models of uplink flow prediction and downlink flow prediction by using historical data through a polynomial regression analysis algorithm, and storing the optimal models.
The biggest advantage of polynomial regression is that the real measuring points can be approximated by adding high-order terms of the independent variable until the condition is satisfied. In fact, polynomial regression can deal with a considerable class of non-linear problems, which plays an important role in regression analysis, since any function can be approximated piecewise with a polynomial. Therefore, in a general practical problem, regardless of the relationship of the dependent variable to other independent variables, we can always use polynomial regression for analysis.
Normally, polynomial regression analysis can be converted to multiple linear regression analysis for processing.
Furthermore, the configuration file in the model training algorithm comprises three modules of [ degree ], [ date ], [ hbase ]: [ degree ] is mainly used for setting the highest power of the model in polynomial regression analysis, the higher the power, the larger the calculation memory, the higher the requirement on the server, and certainly the more possible to find the optimal power; [ date ] is mainly used for configuring the time when data reading is started when the Hbase database data is read, and the upper limit of data quantity acquisition is what; [ Hbase ] is mainly configured with address port information of Hbase database storing traffic TCP table data, log table data, and port table data.
Further, the configuration file of the construction model application algorithm comprises three modules of [ date ], [ database ], [ hbase ]: [ date ] is mainly used for configuring the time when data reading is started when the Hbase database data is read, and the upper limit of data quantity acquisition is what; database is mainly used for configuring relevant information such as oracle database address port and the like when result data predicted by a flow load model is written into an oracle data table; [ Hbase ] is mainly address port information of Hbase database configuring flow TCP table data, log table data, and port table data.
In a preferred embodiment of the present invention, in a bearable range of a server and an algorithm, a larger data size is selected when an optimal traffic load algorithm is constructed, and meanwhile, the division ratio of a test set and a training set needs to be debugged.
Example 2:
referring to fig. 3-7, the traffic load monitoring system based on the log port traffic includes the following steps:
the method comprises the following steps: establishing a relationship: obtaining flow data information of a flow load system log port of an application system through an unconventional method;
step two: correcting the flow load of the application system by combining the flow load calculated by reversely deducing the flow load of the application system through the port flow and the log information with the TCP of the application system;
step three: and (3) prediction: and performing flow load prediction in the future three periods according to the analyzed flow load value of the application system.
In summary, aiming at the problem that the traffic load of the current application system is not monitored, a stable and reliable statistical method of the interface traffic of the network transmission layer is found by mining the relationship between the running state information of the low-level network protocol and the port traffic of the application layer, so as to realize intelligent monitoring and alarm of the traffic of the application system.
The invention realizes the flow load monitoring of the information network application system and perfects the monitoring coverage level of the key nodes of the information network. The invention finds a stable and credible statistical method of the interface flow of the network transmission layer by digging the relation between the running state information of the low-level network protocol and the port flow of the application layer, realizes intelligent monitoring and alarming of the flow of the application system, and can effectively solve the problem that the flow load of the current application system is not monitored.
The above-listed detailed description is only a specific description of a possible embodiment of the present invention, and they are not intended to limit the scope of the present invention, and equivalent embodiments or modifications made without departing from the technical spirit of the present invention should be included in the scope of the present invention.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned.
Furthermore, it should be understood that although the present description refers to embodiments, not every embodiment may contain only a single embodiment, and such description is for clarity only, and those skilled in the art should integrate the description, and the embodiments may be combined as appropriate to form other embodiments understood by those skilled in the art.
Claims (7)
1. The flow load monitoring system based on the log port flow is characterized by comprising the following steps:
step one, constructing an optimal flow load algorithm, and nesting and storing the optimal flow load algorithm in a system;
acquiring system logs and port flow data information in a system;
thirdly, according to the data information obtained in the second step, combining with an optimal flow load algorithm stored in the system, and constructing a system load flow analysis result;
and step four, predicting a future flow load prediction graph by analyzing the numerical values output in the step two and the step three.
2. The system for monitoring traffic load according to claim 1, wherein the system log is collected by using flash monitoring, and the port traffic is obtained by collecting physical port traffic information of a switch or a router connected to the host of the application system through a snmp protocol.
3. The system for monitoring traffic load based on log port traffic as claimed in claim 1, wherein the input data in the algorithm for constructing optimal traffic load in the first step includes but is not limited to data of traffic TCP table, log table, and port table, and mainly includes the following fields: tcp connection number, log line number, input byte number, output byte number, model ID, round number, time.
4. The system for monitoring the traffic load based on the log port traffic as claimed in claim 1, wherein the step one of constructing the optimal traffic load algorithm comprises the following two stages: and (3) constructing a model training algorithm and a model application algorithm, respectively training optimal models of uplink flow prediction and downlink flow prediction by using historical data through a polynomial regression analysis algorithm, and storing the optimal models.
5. The flow load monitoring system based on the log port flow as claimed in claim 4, wherein the configuration file in the constructed model training algorithm includes three modules of [ degree ], [ date ], [ hbase ]:
[ degree ] is mainly used for setting the highest power of the model in polynomial regression analysis, the higher the power, the larger the calculation memory, the higher the requirement on the server, and certainly the more possible to find the optimal power;
[ date ] is mainly used for configuring the time when data reading is started when the Hbase database data is read, and the upper limit of data quantity acquisition is what;
[ Hbase ] is mainly configured with address port information of Hbase database storing traffic TCP table data, log table data, and port table data.
6. The system according to claim 4, wherein the configuration file of the application algorithm of the building model comprises three modules of [ date ], [ database ], [ hbase ]:
[ date ] is mainly used for configuring the time when data reading is started when the Hbase database data is read, and the upper limit of data quantity acquisition is what;
database is mainly used for configuring relevant information such as oracle database address port and the like when result data predicted by a flow load model is written into an oracle data table;
[ Hbase ] is mainly address port information of Hbase database configuring flow TCP table data, log table data, and port table data.
7. The system according to any one of claims 1 to 6, wherein a larger data size is selected for constructing an optimal traffic load algorithm within a tolerable range of a server and the algorithm, and a ratio of a test set to a training set needs to be adjusted.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010019520.2A CN111262728A (en) | 2020-01-08 | 2020-01-08 | Flow load monitoring system based on log port flow |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010019520.2A CN111262728A (en) | 2020-01-08 | 2020-01-08 | Flow load monitoring system based on log port flow |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111262728A true CN111262728A (en) | 2020-06-09 |
Family
ID=70955248
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010019520.2A Pending CN111262728A (en) | 2020-01-08 | 2020-01-08 | Flow load monitoring system based on log port flow |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111262728A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113923035A (en) * | 2021-10-15 | 2022-01-11 | 四川新网银行股份有限公司 | Dynamic application protection system and method based on attack load and attack behavior |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070022142A1 (en) * | 2005-07-20 | 2007-01-25 | International Business Machines Corporation | System and method to generate domain knowledge for automated system management by combining designer specifications with data mining activity |
| CN102820993A (en) * | 2012-08-16 | 2012-12-12 | 北京国创富盛通信股份有限公司 | Network resource monitoring system and network resource monitoring method |
| CN202841168U (en) * | 2012-08-16 | 2013-03-27 | 北京国创富盛通信股份有限公司 | Network resource monitoring system |
| CN105323111A (en) * | 2015-11-17 | 2016-02-10 | 南京南瑞集团公司 | Operation and maintenance automation system and method |
| CN109669837A (en) * | 2018-10-31 | 2019-04-23 | 平安科技(深圳)有限公司 | Equipment state method for early warning, system, computer installation and readable storage medium storing program for executing |
| CN109995592A (en) * | 2019-04-09 | 2019-07-09 | 中国联合网络通信集团有限公司 | Quality of service monitoring method and equipment |
| CN110535855A (en) * | 2019-08-28 | 2019-12-03 | 北京安御道合科技有限公司 | A kind of network event method for monitoring and analyzing and system, information data processing terminal |
-
2020
- 2020-01-08 CN CN202010019520.2A patent/CN111262728A/en active Pending
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070022142A1 (en) * | 2005-07-20 | 2007-01-25 | International Business Machines Corporation | System and method to generate domain knowledge for automated system management by combining designer specifications with data mining activity |
| CN102820993A (en) * | 2012-08-16 | 2012-12-12 | 北京国创富盛通信股份有限公司 | Network resource monitoring system and network resource monitoring method |
| CN202841168U (en) * | 2012-08-16 | 2013-03-27 | 北京国创富盛通信股份有限公司 | Network resource monitoring system |
| CN105323111A (en) * | 2015-11-17 | 2016-02-10 | 南京南瑞集团公司 | Operation and maintenance automation system and method |
| CN109669837A (en) * | 2018-10-31 | 2019-04-23 | 平安科技(深圳)有限公司 | Equipment state method for early warning, system, computer installation and readable storage medium storing program for executing |
| CN109995592A (en) * | 2019-04-09 | 2019-07-09 | 中国联合网络通信集团有限公司 | Quality of service monitoring method and equipment |
| CN110535855A (en) * | 2019-08-28 | 2019-12-03 | 北京安御道合科技有限公司 | A kind of network event method for monitoring and analyzing and system, information data processing terminal |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113923035A (en) * | 2021-10-15 | 2022-01-11 | 四川新网银行股份有限公司 | Dynamic application protection system and method based on attack load and attack behavior |
| CN113923035B (en) * | 2021-10-15 | 2023-11-07 | 四川新网银行股份有限公司 | Dynamic application protection system and method based on attack load and attack behavior |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111181801B (en) | Node cluster testing method and device, electronic equipment and storage medium | |
| CN106034051B (en) | Network monitoring data processing method and network monitoring data processing unit | |
| CN112416645B (en) | Fault root cause deducing and positioning method and device based on artificial intelligence | |
| US20220050902A1 (en) | Opentelemetry security extensions | |
| Jayathilake | Towards structured log analysis | |
| CN103716173A (en) | Storage monitoring system and monitoring alarm issuing method | |
| CN103295155A (en) | Security core service system monitoring method | |
| CN111259073A (en) | Intelligent business system running state studying and judging system based on logs, flow and business access | |
| CN114553672B (en) | Method, device, equipment and medium for determining performance bottleneck of application system | |
| CN116166505B (en) | Monitoring platform, method, storage medium and equipment for dual-state IT architecture in financial industry | |
| CN114039900A (en) | Efficient network data packet protocol analysis method and system | |
| CN114244676A (en) | Intelligent IT integrated gateway system | |
| CN110912751A (en) | Network equipment topological graph generation method and related device | |
| CN110647417B (en) | Energy internet abnormal data processing method, device and system | |
| CN109981377B (en) | Distributed data center link monitoring method and system | |
| CN113487182B (en) | Device health state evaluation method, device, computer device and medium | |
| CN111262728A (en) | Flow load monitoring system based on log port flow | |
| CN110609761B (en) | Method and device for determining fault source, storage medium and electronic equipment | |
| CN114500178B (en) | Self-operation intelligent Internet of things gateway | |
| CN112905410B (en) | Equipment state monitoring system and method | |
| CN106933718B (en) | Method for monitoring performance and device | |
| CN113254313A (en) | Monitoring index abnormality detection method and device, electronic equipment and storage medium | |
| CN109120439B (en) | Distributed cluster alarm output method, device, equipment and readable storage medium | |
| Touloupou et al. | Cheapo: An algorithm for runtime adaption of time intervals applied in 5G networks | |
| US20230033681A1 (en) | Opentelemetry-based circuit breaker automation |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20200609 |