CN111884858B - Equipment asset information verification method, device, system and medium - Google Patents

Equipment asset information verification method, device, system and medium Download PDF

Info

Publication number
CN111884858B
CN111884858B CN202010747782.0A CN202010747782A CN111884858B CN 111884858 B CN111884858 B CN 111884858B CN 202010747782 A CN202010747782 A CN 202010747782A CN 111884858 B CN111884858 B CN 111884858B
Authority
CN
China
Prior art keywords
log
logs
target
asset information
devices
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010747782.0A
Other languages
Chinese (zh)
Other versions
CN111884858A (en
Inventor
李新印
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Industrial and Commercial Bank of China Ltd ICBC filed Critical Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202010747782.0A priority Critical patent/CN111884858B/en
Publication of CN111884858A publication Critical patent/CN111884858A/en
Application granted granted Critical
Publication of CN111884858B publication Critical patent/CN111884858B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/04Network management architectures or arrangements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/02Capturing of monitoring data
    • H04L43/028Capturing of monitoring data by filtering
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/04Processing captured monitoring data, e.g. for logfile generation

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Mining & Analysis (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The present disclosure provides a method for verifying equipment asset information, including: obtaining p running logs monitored and obtained by a monitoring device, wherein the p running logs comprise at least one running log aiming at each device in m devices, and each running log comprises a device address and log content; removing redundant information in p running logs to obtain q entry marked logs; determining target asset information of n devices for which the q entry mark logs aim at according to the device addresses and the log contents included in the q entry mark logs; and checking the correctness of the pre-stored asset information of the n devices according to the target asset information of the n devices and the pre-stored asset information of the n devices in the asset management device. The disclosure also provides a device for checking the equipment asset information, a computer system and a computer readable storage medium. The method and device provided by the disclosure can be used in the financial field or other fields.

Description

Equipment asset information verification method, device, system and medium
Technical Field
The present disclosure relates to the field of asset management, and more particularly, to a method, an apparatus, a system, and a medium for verifying equipment asset information.
Background
With the rapid development of computer technology and internet technology, large enterprises have established asset management systems, thereby providing help for business management. The asset information of the equipment serving as the asset in the asset management system is basically input by hand. As the number of assets in the network increases, the replacement of devices also becomes more frequent. The daily accumulation causes difficulty in ensuring the correctness of the asset information of the devices maintained in the asset management system. How to improve the correctness of the equipment asset information maintained in the asset management system is a problem which is always puzzling enterprises.
Disclosure of Invention
In view of the above, the present disclosure provides a method, an apparatus, a system, and a medium for verifying asset information of a device, which can be applied to the financial field or other fields.
One aspect of the present disclosure provides a method for verifying equipment asset information, including: acquiring p running logs monitored and obtained by a monitoring device, wherein the p running logs comprise at least one running log aiming at each device in m devices, and each running log comprises a device address and log content; removing redundant information in p running logs to obtain q entry marked logs; determining target asset information of n devices for which the q entry mark logs aim at according to the device addresses and the log contents included in the q entry mark logs; and checking the correctness of the pre-stored asset information of the n devices according to the target asset information of the n devices and the pre-stored asset information of the n devices in the asset management device, wherein p, q, m and n are positive integers, p is greater than or equal to q, and m is greater than or equal to n.
According to an embodiment of the present disclosure, the removing redundant information from p running logs according to a predetermined rule to obtain q entry mark logs includes: determining p running logs including running logs of vocabularies in the predetermined word bank as redundant logs according to the predetermined word bank; and removing redundant logs in the p running logs to obtain q entry marked logs.
According to an embodiment of the present disclosure, determining target asset information for n devices includes: determining a first target log in the q-entry mark logs, wherein the log content of the first target log comprises provider information; and determining that the target asset information of the first device for which the first target log is intended is vendor information.
According to an embodiment of the present disclosure, the device address is an IP address of a device for which each log is executed; determining the target asset information for the n devices further comprises: determining a second target log in the q entry mark logs except the first target log, wherein the device address included in the second target log is crossed with the device address included in the first target log; and determining that the target asset information of the second device for which the second target log is intended is: target asset information of a first device to which the first target log is directed.
According to an embodiment of the present disclosure, determining target asset information for n devices further comprises: determining a third target log in the q-entry mark log except the first target log, wherein the format of the log content included in the third target log is the same as the format of the log content included in the first target log; determining target asset information of a device for which the third target log is intended as: target asset information of a first device to which the first target log is directed.
According to the embodiment of the disclosure, verifying the correctness of the pre-stored asset information of the n devices comprises: for any target log for which vendor information is determined: according to the equipment address included in any target log, pre-stored asset information of equipment for which any target log is specific is obtained from an asset management device; and determining that the pre-stored asset information of the equipment aimed at by any target log is correct under the condition that the target asset information of the equipment aimed at by any target log is consistent with the pre-stored asset information of the equipment aimed at by any target log.
According to an embodiment of the present disclosure, determining the target asset information of the n devices further comprises: determining r fourth target logs in the q entry mark logs except the first target log, wherein the formats of log contents included in the r fourth target logs are the same; and determining that a plurality of fourth devices for which r fourth target logs are aimed have the same target asset information, wherein r is an integer greater than or equal to 2.
According to an embodiment of the present disclosure, the removing redundant information in the p entry mark log to obtain the q entry mark log includes: removing redundant logs in p running logs to obtain q standard logs; and removing specific fields in the log contents included in the q standard logs to obtain q standard logs.
According to an embodiment of the present disclosure, verifying correctness of the pre-stored asset information of n devices includes: according to the device addresses included in the r fourth target logs, pre-stored asset information of each of the fourth devices is obtained from the asset management device; and when inconsistent pre-stored asset information exists in the plurality of pre-stored asset information of the plurality of fourth devices, determining that the devices with incorrect pre-stored asset information exist in the plurality of fourth devices.
According to an embodiment of the present disclosure, each of the operation logs further includes a log generation time; determining the target asset information for the n devices further comprises: when a plurality of target logs aiming at any one of the n devices exist, determining a target log with the latest log generation time in the plurality of target logs aiming at any one device; and determining the target asset information of any equipment according to the target log with the latest log generation time.
Another aspect of the present disclosure provides a device for checking asset information of an apparatus, including: the log acquisition module is used for acquiring p running logs monitored and obtained by the monitoring device, wherein the p running logs comprise at least one running log aiming at each device in the m devices, and each running log comprises a device address and log content; the information removing module is used for removing redundant information in the p running logs to obtain q entry mark logs; the asset information determining module is used for determining target asset information of n devices for which the q entry mark logs aim at according to the device addresses and the log contents included in the q entry mark logs; and the checking module is used for checking the correctness of the pre-stored asset information of the n devices according to the target asset information of the n devices and the pre-stored asset information of the n devices in the asset management device, wherein p, q, m and n are positive integers, p is more than or equal to q, and m is more than or equal to n.
Another aspect of the present disclosure provides a computer system comprising: one or more processors; and a storage device for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method for verifying equipment asset information as described above.
Another aspect of the present disclosure provides a computer-readable storage medium storing computer-executable instructions for performing the above-described method for verifying device asset information when executed by a processor.
Another aspect of the disclosure provides a computer program comprising computer executable instructions for implementing the above method of verifying device asset information when executed.
According to the embodiment of the disclosure, the technical problems that the correctness of asset information in the related technology needs manual verification, the verification efficiency is low, and the missing detection is easy can be at least partially avoided. Therefore, the equipment asset information is obtained by analyzing the running log of the equipment monitored by the monitoring device, and the obtained asset information is compared with the asset information maintained in the asset management device, so that the automatic processing of information correctness check can be realized, the correctness of asset management is improved, and the manual accounting cost is reduced.
Drawings
The foregoing and other objects, features and advantages of the disclosure will be apparent from the following description of embodiments of the disclosure, which proceeds with reference to the accompanying drawings, in which:
FIG. 1 schematically illustrates an application scenario of a method, apparatus, system and medium for verification of device asset information according to an embodiment of the present disclosure;
FIG. 2 schematically illustrates a flow diagram of a method of verification of device asset information, in accordance with an embodiment of the disclosure;
FIG. 3 schematically illustrates a flow chart for removing redundant logs to obtain a q-entry mark log according to an embodiment of the present disclosure;
FIG. 4 schematically illustrates a flow chart for determining target asset information for n devices according to an embodiment of the disclosure;
FIG. 5 schematically illustrates an architecture diagram implementing a method of verification of equipment asset information in accordance with an embodiment of the disclosure;
FIG. 6 schematically illustrates a block diagram of a verification device for asset information, in accordance with an embodiment of the present disclosure; and
FIG. 7 schematically illustrates a block diagram of a computer system adapted to perform a method of verifying device asset information, in accordance with an embodiment of the disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is illustrative only and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs, unless otherwise defined. It is noted that the terms used herein should be interpreted as having a meaning that is consistent with the context of this specification and should not be interpreted in an idealized or overly formal sense.
Where a convention analogous to "at least one of A, B, and C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B, and C" would include but not be limited to systems that have A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, and C together, etc.).
The embodiment of the disclosure provides a method for verifying equipment asset information, which comprises the following steps: obtaining p running logs monitored and obtained by a monitoring device, wherein the p running logs comprise at least one running log aiming at each device in m devices, and each running log comprises a device address and log content; removing redundant information in p running logs to obtain q entry marked logs; determining target asset information of n devices for which the q entry mark logs aim according to device addresses and log contents included in the q entry mark logs; and checking the correctness of the pre-stored asset information of the n devices according to the target asset information of the n devices and the pre-stored asset information of the n devices in the asset management device, wherein p, q, m and n are positive integers, p is greater than or equal to q, and m is greater than or equal to n.
Fig. 1 schematically illustrates an application scenario of a method, an apparatus, a system and a medium for verifying device asset information according to an embodiment of the present disclosure. It should be noted that fig. 1 is only an example of an application scenario in which the embodiments of the present disclosure may be applied to help those skilled in the art understand the technical content of the present disclosure, but does not mean that the embodiments of the present disclosure may not be applied to other devices, systems, environments or scenarios.
As shown in fig. 1, the application scenario 100 includes a terminal device 110, a monitoring device 120, and a network 130. The network 130 is a medium for providing a communication link between the terminal device 110 and the monitoring device 120. The network 130 may include various connection types, such as wired, wireless communication links, and so forth.
The terminal device 110 may be, for example, various electronic devices having a display screen and having processing functionality, including but not limited to smartphones, tablets, laptop convenience computers, desktop computers, smart wearable devices, and the like. The terminal device may be installed with various client applications, such as a web browsing application, an instant messaging application, an information checking application, and the like.
Illustratively, the terminal device 110 may be installed with, for example, an apparatus having an information maintenance management function. In an embodiment, the terminal device 110 may be provided with a management platform such as an asset management device and a configuration management device.
Illustratively, the asset management device may be used to maintain asset information for each fixed asset within an enterprise, for example, and the configuration management device may be maintained with a version number, asset number, etc. for each fixed asset, for example. In one embodiment, the fixed assets may include, for example, servers and various network devices such as switches, firewalls, routers, etc. in the network topology 140 shown in FIG. 1. Accordingly, the information maintained in the configuration management apparatus includes asset numbers of the server and each network device, device addresses (IP addresses), and the like. The asset information maintained in the asset management device includes the supplier of the fixed asset, performance information, price information, and the like.
In an embodiment, the intrinsic assets may also include, for example, software assets and the like. Information about the vendor of the software, the type of software, the version of the software, etc. may also be maintained in the asset management device.
According to an embodiment of the present disclosure, in order to facilitate the verification of the asset information, the monitoring device 120 of this embodiment may be provided with a monitoring apparatus for monitoring the operation logs of each device and the operation logs of each software in the network topology, and storing the operation logs in a predetermined storage space. The terminal device 110 may determine the asset information of each device in the network topology 140 according to the operation log monitored by the monitoring apparatus, and compare the asset information with the asset information maintained by the asset management apparatus to determine the correctness of the asset information in the asset management apparatus.
It should be noted that the method for verifying the device asset information according to the embodiment of the present disclosure may be generally executed by a terminal device. Accordingly, the device for verifying the equipment asset information according to the embodiment of the present disclosure may be generally disposed in the terminal device. The equipment asset information checking method and device provided by the disclosure can be used in the financial field, and also can be used in the information security field, the big data field or other fields except the financial field.
It should be understood that the terminal devices, network topology, network and monitoring devices in fig. 1 are merely illustrative. Any type of terminal device, network topology, network and monitoring device may be provided, depending on implementation needs.
The following describes in detail a method for verifying device asset information according to an embodiment of the present disclosure with reference to fig. 2 to 5 in conjunction with an application scenario described in fig. 1.
FIG. 2 schematically illustrates a flow chart of a method of verification of device asset information according to an embodiment of the disclosure.
As shown in fig. 2, the method for verifying the equipment asset information according to this embodiment may include, for example, operations S210 to S240.
In operation S210, p running logs monitored by the monitoring apparatus are obtained, where the p running logs include at least one running log for each device of the m devices, and each running log includes a device address and log content. Wherein p and m are both positive integers.
According to the embodiment of the disclosure, the running logs monitored and obtained by the monitoring device in a predetermined period of time can be obtained, and p running logs can be obtained, and the p running logs can include logs pushed by hardware equipment and logs pushed by a software system. Wherein, m equipment is the equipment that pushes the running log to the monitoring device in the predetermined time interval. The m devices may include, for example, servers and network devices in the network topology of fig. 1.
For example, in order to implement a comprehensive verification on the asset information maintained by the asset management device, the p running logs obtained in this embodiment may also be, for example, the full running logs obtained by monitoring by the monitoring device.
Illustratively, each log of operations may include, for example, a device address, log contents, and a log generation time. The device address may be, for example, a device IP address, and the log generation time is time for the device to generate the operation log. After the operation logs monitored by the monitoring system are obtained, for convenience of subsequent use, the embodiment may further perform formatting processing on the operation logs so as to unify the operation logs of different devices. The format of each of the p log entries obtained after the formatting process can be shown in the following table, for example.
Figure BDA0002607935660000071
In operation S220, redundant information in p running logs is removed to obtain q entry marked logs. Wherein q is a positive integer, and p is greater than or equal to q.
According to the embodiment of the disclosure, in order to improve the processing efficiency and accuracy, the embodiment can only keep the running logs of the hardware devices in the p running logs, and remove the running logs of the software class, the operating system class and the performance class. The removed logs may include, for example, CPU alarm class operation logs, memory storage space insufficiency class operation logs, flow abnormality class operation logs, port interruption class operation logs, and the like.
Illustratively, the embodiment may be maintained in advance with a predetermined word library including various software names, various operating system names, various performance indicator names, and the like. The embodiment may be that character recognition is performed on each of the p running logs, whether each running log includes the vocabulary in the predetermined lexicon is determined, if yes, the running log is used as a redundant log, and the running log is removed from the p running logs. And after removing the redundant logs, taking the remaining q running logs as target logs.
According to the embodiment of the disclosure, the log content in the running log of some software classes is considered to change along with the change of the software version. In order to avoid that the running logs of the software of the new version are not removed, the implementation of the method can also maintain and update the predetermined word bank according to the running logs. For example, if a field that appears only once is acquired by identifying the acquired log, the field may be classified as useless software class information and added to the predetermined thesaurus.
According to an embodiment of the present disclosure, in order to improve subsequent processing efficiency, when removing redundant information, for example, a fuzzy matching method may be adopted in the embodiment, for example, if a predetermined word bank includes a word "software", and a certain run log in p run logs includes a word "software1", the certain run log is removed from the p run logs as redundant information.
In operation S230, target asset information of n devices for which the q-entry tag log is intended is determined according to the device address and the log content included in the q-entry tag log. Wherein n is a positive integer, and m is greater than or equal to n.
According to embodiments of the present disclosure, asset information may include, for example, vendor information, which may include, for example, huacheng, zhongxing, and the like. Considering that supplier information is recorded in part of the log content, in order to determine asset information of the device, the present embodiment may maintain a supplier lexicon. By performing character recognition on each target log in the q-entry log, a first target log in the q-entry log whose log content includes provider information in a provider thesaurus can be determined. And determining that the target asset information of the first device for which the first target log is intended is the provider information of the log content record in the first target log.
Illustratively, in determining whether the log content of the target log includes the provider information in the provider thesaurus, the fuzzy matching method may be adopted to match the log content with the provider thesaurus. For example, if vendor information "IBM" is included in the vendor thesaurus, when a character having "IBM" is included in the log content of the target log, for example, "IBMG", it is determined that the target asset information of the device to which the target log is directed is IBM.
According to embodiments of the present disclosure, it is contemplated that the IP addresses of devices of the same vendor tend to be crossed. Therefore, for a target log in which provider information is not recorded in the log content, the target log and a first target log whose device address intersects with a device address included in the target log may be classified into one category, and it may be determined that a device to which the target log is directed and a device to which the first target log classified into the same category is directed have the same provider information. Accordingly, operation S230 may, for example, first determine a second target log, other than the first target log, in the q-entry target log, where the device address included in the second target log is intersected with the device address included in the first target log. And finally determining that the target asset information of the second device aimed at by the second target log is as follows: target asset information for a first device for which the first target log is intended.
According to an embodiment of the present disclosure, it is considered that the format of the operation log generated by the equipment of the same vendor is generally fixed. Therefore, for a target log in which provider information is not recorded in the log content, the target log and a first target log in which the log content has the same format as the log content included in the target log can be classified into one type. And determining that the device for which the target log is intended has the same vendor information as the device for which the first target log is classified as the same. Accordingly, operation S230 may, for example, determine a third target log, except the first target log, in the q-entry target log, where the third target log includes log contents in the same format as the first target log. And finally determining the target asset information of the equipment aimed at by the third target log as follows: target asset information for a first device for which the first target log is intended.
According to embodiments of the present disclosure, the format of the log of runs generated considering the same vendor's equipment is generally fixed. Therefore, for the target logs of which the supplier information is not recorded in the log content, the target logs with the same format can be classified into one type, and the devices for which the classified target logs are determined to have the same asset information. Accordingly, operation S230 may, for example, first determine r fourth target logs, except for the first target log, in the q entry target logs, where the r fourth target logs include log contents with the same format; it is determined that a plurality of fourth devices for which r fourth target logs are intended have the same target asset information. And the formats of the log contents of any two target logs in the r fourth target logs are the same, r is an integer greater than or equal to 2, and r is less than or equal to p and q.
In operation S240, the correctness of the pre-stored asset information of the n devices is verified according to the target asset information of the n devices and the pre-stored asset information of the n devices in the asset management device.
According to an embodiment of the present disclosure, the device address in the operation log is an IP address of a device for which the operation log is directed. For the aforementioned first device, second device, and third device for which the asset information is determined, the asset number corresponding to the device address in the operation log for the device may be acquired from the configuration management apparatus in the application scenario described in fig. 1. And then, acquiring the preset asset information of the first equipment, the second equipment and the third equipment from the asset management device according to the asset number. Finally, the acquired predetermined asset information of the first device is compared with the asset information determined through operation S230 to determine whether the two are consistent, and if so, it is determined that the predetermined asset information of the first device maintained in the asset management apparatus is correct. The predetermined asset information is asset information of equipment maintained in the asset management device.
Accordingly, operation S240 may determine, for example, for any target log for which the provider information is determined, whether the predetermined asset information of the device for which the any target log is determined is correct by the following operations. First, according to the device address included in any target log, pre-stored asset information of the device to which any target log is directed is acquired from the asset management device. And then determining that the pre-stored asset information of the equipment aimed at by any target log is correct under the condition that the target asset information of the equipment aimed at by any target log is consistent with the pre-stored asset information of the equipment aimed at by any target log.
According to the embodiment of the present disclosure, as can be seen from the foregoing operation S230, the target log in which the provider information is not determined is classified. And determines that the devices corresponding to the object logs classified as a class should have the same asset information. Therefore, for the aforementioned r fourth target logs classified into one category, the pre-stored asset information of the plurality of devices for which the r fourth target logs are intended can be acquired from the asset management apparatus in a manner similar to the aforementioned. When inconsistent pre-stored asset information exists in the pre-stored asset information of the plurality of devices, it can be determined that a device with incorrect pre-stored asset information exists in the plurality of fourth devices. It is understood that the number of the fourth devices may be equal to the number of the fourth target logs, for example, or the number of the fourth devices may be smaller than the number of the fourth target logs, for example. That is, there may be two target logs for the same device in the r fourth target logs.
According to an embodiment of the present disclosure, in order to further determine a device, of the plurality of fourth devices, for which the pre-stored asset information is incorrect, the embodiment may divide the plurality of pre-stored asset information of the plurality of fourth devices into at least two pre-stored asset information groups, each of the pre-stored asset information groups including the pre-stored asset information identical to each other. Therefore, the working personnel can obtain one piece of pre-stored asset information from each pre-stored asset information group and check whether the obtained one piece of pre-stored asset information is correct or not, and if the one piece of pre-stored asset information is correct, each piece of pre-stored asset information in the pre-stored asset information group is correct.
In summary, the embodiment of the present disclosure may determine the asset information of the device according to the operation log, and determine whether the pre-stored asset information in the asset management apparatus is correct according to the determined asset information. Therefore, the automatic verification of the asset information in the asset management device can be realized, and the verification efficiency and accuracy of the asset information are effectively improved.
According to the embodiment of the disclosure, the operation log generally includes values of some variables, and for different devices of the same provider, the values of the variables in the generated operation log may be different, which may result in a situation that the operation logs generated by the devices belonging to the same provider cannot be classified into one class through operation S230 to some extent, thereby affecting determination of asset information of the devices targeted by the operation logs. In order to avoid this situation, when the redundant information of the operation log is removed, in addition to removing the redundant log, the present embodiment may also remove the variables in the remaining operation log.
Fig. 3 schematically shows a flowchart of removing redundant logs to obtain a q-entry mark log according to an embodiment of the present disclosure.
As shown in fig. 3, the aforementioned operation S220 may include, for example, operations S321 to S322.
In operation S321, redundant logs in p running logs are removed, and q standard logs are obtained.
According to an embodiment of the present disclosure, in operation S321, for example, the foregoing method may be adopted to determine to obtain the redundant logs, and remove the redundant logs from the p running logs, and use remaining logs in the p running logs as standard logs to obtain q standard logs.
In operation S322, specific fields in log contents included in each of the q standard logs are removed, so as to obtain q entry standard logs.
According to an embodiment of the present disclosure, it is considered that the value of the variable generally includes a number and a special character, and thus, a field including the number and the special character may be taken as a specific field. Operation S322 may first determine whether log contents included in each of the q standard logs include fields with data and/or special characters, and if so, reject the log contents. After the specific field is removed from the log content of each standard log, the standard log can be used as a finally determined target log.
Illustratively, special characters may include, for example, non-alphabetic characters such as "\", ","/"," # "," $ "," (","), and the like.
Illustratively, if the log content of a standard log is:
“The member disk(enclosure 13,slot 20)cannot be located;therefore,the RAID group(name RAID039,ID 38)may be degraded or faulty.”。
by removing a specific field, the obtained target log can be represented as follows:
“The member disk enclosure,slot cannot be located;therefore,the RAID group name RAID,ID may be degraded or faulty.”。
according to the embodiment of the present disclosure, in consideration that there may be multiple target logs for the same device in the p-entry target logs, in order to improve the accuracy of the determined target asset information, when determining the target asset information of n devices, for example, the target log with the latest generation time may be obtained by screening the multiple target logs for the same device as a basis to determine the target asset information of the same device. By the method, the condition that the running logs are classified into different categories due to different IP address sections adopted by the equipment in different time periods or different running states can be avoided to a certain extent, and therefore the information of a plurality of target assets is obtained.
Fig. 4 schematically illustrates a flow chart for determining target asset information for n devices according to an embodiment of the disclosure.
As shown in fig. 4, in an embodiment, the operation S230 of determining the target asset information of the n devices may include, for example, operations S431 to S432.
In operation S431, in a case where there are a plurality of target logs for any one of the n devices, a target log whose log generation time is the latest among the plurality of target logs for any one of the n devices is determined.
In operation S432, target asset information of any one device is determined according to the target log of which log generation time is the latest.
According to the embodiment of the disclosure, the q entry mark logs can be divided into multiple groups according to the device addresses included in the q entry mark logs, and the devices targeted by the target logs in each group of target logs are the same device. And then selecting a target log with the newest log generation time from each group of target logs according to the log generation time of the target logs in each group of target logs. And then determining target asset information of equipment corresponding to the selected target logs according to the selected target logs in each group of target logs.
According to the embodiment of the disclosure, the target asset information of the device to which each running log is directed can be directly determined according to q running logs, the target asset information of the same device is classified into one class, and the target asset information determined according to the target log with the latest log generation time is selected from the classified target asset information to serve as the target asset information of the device to which the target asset information of the class is directed.
FIG. 5 schematically shows an implementation architecture diagram implementing a method of verification of device asset information according to an embodiment of the disclosure.
As shown in fig. 5, the architecture diagram may include, for example, a monitoring device 511, a monitored device 512, and an asset management device 513.
The monitoring apparatus 511 is used for monitoring the operation status of the monitored device 512, and the monitored device 512 may push a monitoring log to the monitoring apparatus 511. Monitored device 512 may be, for example, a device in the network topology described above with respect to fig. 1. The asset management device 513 stores a manually entered supplier of the monitored equipment as a predetermined equipment supplier 522.
Based on the IP address in the log 521 stored in the monitoring apparatus 511, a predetermined device provider of the monitored device may be acquired from the asset management apparatus 513, for example. The actual supplier of the monitored device 512 may be determined as the target device supplier 523 by a method similar to the method described in the foregoing operations S210 to S230.
Finally, it is determined whether the target equipment supplier and the predetermined equipment supplier coincide to determine whether there is an abnormality in the supplier of the monitored equipment registered in the asset management device through operation S501. And if the two are not consistent, determining that the preset equipment supplier is an abnormal supplier, and if the two are consistent, determining that the preset equipment supplier is a correct supplier.
Fig. 6 schematically shows a block diagram of a structure of an asset information verification apparatus according to an embodiment of the present disclosure.
As shown in fig. 6, the asset information verification apparatus 600 of this embodiment may include a log acquisition module 610, an information culling module 620, an asset information determination module 630, and a verification module 640.
The log obtaining module 610 is configured to obtain p running logs monitored by the monitoring apparatus, where the p running logs include at least one running log for each device of the m devices, and each running log includes a device address and log content. In an embodiment, the log obtaining module 610 may be configured to perform operation S210 described in fig. 2, for example, and is not described herein again. Wherein p and m are both positive integers.
The information removing module 620 is configured to remove redundant information in p running logs to obtain q entry marked logs. In an embodiment, the information culling module 620 may be configured to perform operation S220 described in fig. 2, for example, and is not described herein again. Wherein q is a positive integer, and p is greater than or equal to q.
The asset information determining module 630 is configured to determine target asset information of the n devices for which the q entry tag log is directed according to the device address and the log content included in the q entry tag log. In an embodiment, the asset information determining module 630 may be configured to perform operation S230 described in fig. 2, for example, and will not be described herein again. In one embodiment, n is a positive integer, and m is greater than or equal to n.
The checking module 640 is configured to check correctness of the pre-stored asset information of the n devices according to the target asset information of the n devices and the pre-stored asset information of the n devices in the asset management apparatus. In an embodiment, the checking module 640 may be configured to perform the operation S240 described in fig. 2, for example, and is not described herein again.
According to an embodiment of the disclosure, the information culling module 620 may be configured to perform operations S321 to S322 described in fig. 3, for example, and will not be described herein again.
According to an embodiment of the present disclosure, the asset information determining module 630 may be configured to perform operations S431 to S432 described in fig. 4, for example, and will not be described herein again.
Any number of modules, sub-modules, units, sub-units, or at least part of the functionality of any number thereof according to embodiments of the present disclosure may be implemented in one module. Any one or more of the modules, sub-modules, units, and sub-units according to the embodiments of the present disclosure may be implemented by being split into a plurality of modules. Any one or more of the modules, sub-modules, units, sub-units according to embodiments of the present disclosure may be implemented at least in part as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented in any other reasonable manner of hardware or firmware by integrating or packaging a circuit, or in any one of or a suitable combination of software, hardware, and firmware implementations. Alternatively, one or more of the modules, sub-modules, units, sub-units according to embodiments of the disclosure may be at least partially implemented as a computer program module, which when executed may perform the corresponding functions.
FIG. 7 schematically illustrates a block diagram of a computer system adapted to perform a method of verifying device asset information, in accordance with an embodiment of the disclosure.
As shown in fig. 7, a computer system 700 according to an embodiment of the present disclosure includes a processor 701, which can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 702 or a program loaded from a storage section 708 into a Random Access Memory (RAM) 703. The processor 701 may include, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or associated chipset, and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), among others. The processor 701 may also include on-board memory for caching purposes. The processor 701 may comprise a single processing unit or a plurality of processing units for performing the different actions of the method flows according to embodiments of the present disclosure.
In the RAM 703, various programs and data necessary for the operation of the computer system 700 are stored. The processor 701, the ROM 702, and the RAM 703 are connected to each other by a bus 704. The processor 701 performs various operations of the method flows according to the embodiments of the present disclosure by executing programs in the ROM 702 and/or the RAM 703. It is noted that the programs may also be stored in one or more memories other than the ROM 702 and RAM 703. The processor 701 may also perform various operations of method flows according to embodiments of the present disclosure by executing programs stored in the one or more memories.
According to an embodiment of the present disclosure, the computer system 700 may also include an input/output (I/O) interface 705, the input/output (I/O) interface 705 also being connected to the bus 704. The computer system 700 may also include one or more of the following components connected to the I/O interface 705: an input portion 706 including a keyboard, a mouse, and the like; an output section 707 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage section 708 including a hard disk and the like; and a communication section 709 including a network interface card such as a LAN card, a modem, or the like. The communication section 709 performs communication processing via a network such as the internet. A drive 710 is also connected to the I/O interface 705 as needed. A removable medium 711 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 710 as necessary, so that a computer program read out therefrom is mounted into the storage section 708 as necessary.
According to embodiments of the present disclosure, method flows according to embodiments of the present disclosure may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable storage medium, the computer program containing program code for performing the method illustrated by the flow chart. In such an embodiment, the computer program can be downloaded and installed from a network through the communication section 709, and/or installed from the removable medium 711. When the computer program is executed by the processor 701, the above-described functions defined in the computer system of the embodiment of the present disclosure are performed. The systems, devices, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.
The present disclosure also provides a computer-readable storage medium, which may be contained in the apparatus/device/system described in the above embodiments; or may exist separately and not be assembled into the device/apparatus/system. The computer-readable storage medium carries one or more programs which, when executed, implement a method according to an embodiment of the disclosure.
According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. For example, according to embodiments of the present disclosure, a computer-readable storage medium may include the ROM 702 and/or the RAM 703 and/or one or more memories other than the ROM 702 and the RAM 703 described above.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Those skilled in the art will appreciate that various combinations and/or combinations of features recited in the various embodiments and/or claims of the present disclosure can be made, even if such combinations or combinations are not expressly recited in the present disclosure. In particular, various combinations and/or combinations of the features recited in the various embodiments and/or claims of the present disclosure may be made without departing from the spirit or teaching of the present disclosure. All such combinations and/or associations are within the scope of the present disclosure.
The embodiments of the present disclosure are described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described separately above, this does not mean that the measures in the embodiments cannot be used in advantageous combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be devised by those skilled in the art without departing from the scope of the present disclosure, and such alternatives and modifications are intended to be within the scope of the present disclosure.

Claims (13)

1. A method for verifying equipment asset information comprises the following steps:
the method comprises the steps of obtaining p running logs monitored and obtained by a monitoring device, wherein the p running logs comprise at least one running log aiming at each device in m devices, each running log comprises a device address and log content, and the m devices are devices for pushing the p running logs to the monitoring device within a preset time period;
removing redundant information in the p running logs, and reserving the running logs of the hardware equipment in the p running logs to obtain q item marked logs;
determining target asset information of n devices for which the q entry mark logs are aimed according to device addresses and log contents included in the q entry mark logs, wherein the n devices comprise servers and/or various network devices; and
checking the correctness of the pre-stored asset information of the n devices according to the target asset information of the n devices and the pre-stored asset information of the n devices in the asset management device,
wherein p, q, m and n are positive integers, p is more than or equal to q, and m is more than or equal to n.
2. The method of claim 1, wherein removing redundant information in the p running logs according to a predetermined rule to obtain q marked logs comprises:
determining that the p running logs comprise running logs of vocabularies in a predetermined word bank as redundant logs according to the predetermined word bank; and
and removing redundant logs in the p running logs to obtain q entry marked logs.
3. The method of claim 1, wherein determining target asset information for n devices comprises:
determining a first target log in the q-entry mark logs, wherein the log content of the first target log comprises provider information; and
determining that target asset information of a first device for which the first target log is intended is the vendor information.
4. The method of claim 3, wherein the device address is an IP address of a device for which the each of the run logs is intended; determining the target asset information for the n devices further comprises:
determining a second target log in the q-entry target log except the first target log, wherein the device address included in the second target log is intersected with the device address included in the first target log; and
determining that the target asset information of the second device for which the second target log is intended is: target asset information for a first device for which the first target log is intended.
5. The method of claim 3, wherein determining target asset information for n devices further comprises:
determining a third target log in the q-entry mark log except the first target log, wherein the format of the log content included in the third target log is the same as the format of the log content included in the first target log;
determining that the target asset information of the device for which the third target log is intended is: target asset information for a first device for which the first target log is intended.
6. The method according to any one of claims 3 to 5, wherein verifying correctness of the pre-stored asset information of the n devices comprises: for any target log for which vendor information is determined:
according to the equipment address included in any target log, pre-stored asset information of equipment for which any target log aims is obtained from the asset management device; and
and determining that the pre-stored asset information of the equipment aimed at by any target log is correct when the target asset information of the equipment aimed at by any target log is consistent with the pre-stored asset information of the equipment aimed at by any target log.
7. The method of claim 3, wherein determining target asset information for n devices further comprises:
determining r fourth target logs in the q entry mark logs except the first target log, wherein the formats of log contents included in the r fourth target logs are the same with each other;
determining that a plurality of fourth devices for which the r fourth target logs are intended have the same target asset information,
wherein r is an integer of 2 or more.
8. The method of claim 5 or 7, wherein the removing redundant information in the p running logs to obtain a q-entry target log comprises:
removing redundant logs in the p running logs to obtain q standard logs; and
and removing specific fields in the log contents included in the q standard logs respectively to obtain the q entry standard logs.
9. The method of claim 7, wherein verifying the correctness of the pre-stored asset information for the n devices comprises:
according to the device addresses included in the r fourth target logs, acquiring pre-stored asset information of the fourth devices from the asset management device; and
and when inconsistent pre-stored asset information exists in the plurality of pre-stored asset information of the plurality of fourth devices, determining that the devices with incorrect pre-stored asset information exist in the plurality of fourth devices.
10. The method of claim 1, wherein each of the run logs further comprises a log generation time; determining the target asset information for the n devices further comprises:
if a plurality of target logs aiming at any one device in the n devices exist, determining a target log with the latest log generation time in the plurality of target logs aiming at the any one device; and
and according to the target log with the latest time generated by the log, determining the target asset information of any equipment.
11. An apparatus for verifying asset information of a device, comprising:
the system comprises a log acquisition module, a log acquisition module and a monitoring device, wherein the log acquisition module is used for acquiring p running logs monitored and obtained by the monitoring device, the p running logs comprise at least one running log aiming at each device in m devices, each running log comprises a device address and log content, and the m devices are devices for pushing the p running logs to the monitoring device in a preset time period;
the information removing module is used for removing redundant information in the p running logs, reserving the running logs of the hardware equipment in the p running logs and obtaining q item marked logs;
the asset information determining module is used for determining target asset information of n devices aiming at the q entry mark logs according to device addresses and log contents included in the q entry mark logs, wherein the n devices comprise servers and/or various network devices; and
a checking module for checking the correctness of the pre-stored asset information of the n devices according to the target asset information of the n devices and the pre-stored asset information of the n devices in the asset management device,
wherein p, q, m and n are positive integers, p is more than or equal to q, and m is more than or equal to n.
12. A computer system, comprising:
one or more processors;
a storage device to store one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method of any of claims 1-10.
13. A computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to perform the method according to any one of claims 1 to 10.
CN202010747782.0A 2020-07-29 2020-07-29 Equipment asset information verification method, device, system and medium Active CN111884858B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010747782.0A CN111884858B (en) 2020-07-29 2020-07-29 Equipment asset information verification method, device, system and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010747782.0A CN111884858B (en) 2020-07-29 2020-07-29 Equipment asset information verification method, device, system and medium

Publications (2)

Publication Number Publication Date
CN111884858A CN111884858A (en) 2020-11-03
CN111884858B true CN111884858B (en) 2023-01-03

Family

ID=73201148

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010747782.0A Active CN111884858B (en) 2020-07-29 2020-07-29 Equipment asset information verification method, device, system and medium

Country Status (1)

Country Link
CN (1) CN111884858B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112688806A (en) * 2020-12-18 2021-04-20 国家工业信息安全发展研究中心 Method and system for presenting network assets
CN114553687B (en) * 2022-02-28 2024-02-13 中国工商银行股份有限公司 Network asset configuration information processing method and device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107579876A (en) * 2017-09-15 2018-01-12 中国移动通信集团广东有限公司 A kind of automatic detection analysis method and device of assets increment
CN109767351A (en) * 2018-12-24 2019-05-17 国网山西省电力公司信息通信分公司 A kind of security postures cognitive method of power information system daily record data
CN111030972A (en) * 2019-03-29 2020-04-17 哈尔滨安天科技集团股份有限公司 Asset information management and visual display method, device and storage equipment
CN111130877A (en) * 2019-12-23 2020-05-08 国网江苏省电力有限公司信息通信分公司 NLP-based weblog processing system and method
CN111431753A (en) * 2020-04-02 2020-07-17 深信服科技股份有限公司 Asset information updating method, device, equipment and storage medium

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8051204B2 (en) * 2007-04-05 2011-11-01 Hitachi, Ltd. Information asset management system, log analysis server, log analysis program, and portable medium
CN107809433B (en) * 2017-11-06 2020-04-07 中国联合网络通信集团有限公司 Asset management method and device

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107579876A (en) * 2017-09-15 2018-01-12 中国移动通信集团广东有限公司 A kind of automatic detection analysis method and device of assets increment
CN109767351A (en) * 2018-12-24 2019-05-17 国网山西省电力公司信息通信分公司 A kind of security postures cognitive method of power information system daily record data
CN111030972A (en) * 2019-03-29 2020-04-17 哈尔滨安天科技集团股份有限公司 Asset information management and visual display method, device and storage equipment
CN111130877A (en) * 2019-12-23 2020-05-08 国网江苏省电力有限公司信息通信分公司 NLP-based weblog processing system and method
CN111431753A (en) * 2020-04-02 2020-07-17 深信服科技股份有限公司 Asset information updating method, device, equipment and storage medium

Also Published As

Publication number Publication date
CN111884858A (en) 2020-11-03

Similar Documents

Publication Publication Date Title
US10055274B2 (en) Automated diagnosis of software crashes
US8082471B2 (en) Self healing software
US10621212B2 (en) Language tag management on international data storage
US10762544B2 (en) Issue resolution utilizing feature mapping
US20150331780A1 (en) Defect analysis system for error impact reduction
US20200012550A1 (en) Enabling symptom verification
US7624309B2 (en) Automated client recovery and service ticketing
US20140237297A1 (en) Method and system for supporting event root cause analysis
US20060150163A1 (en) Problem determination using system run-time behavior analysis
CN111884858B (en) Equipment asset information verification method, device, system and medium
US9852232B2 (en) Automating event trees using analytics
US10705903B2 (en) Identifying system failures by accessing prior troubleshooting information
US20200034224A1 (en) Early risk detection and management in a software-defined data center
US11379247B2 (en) Methods and systems for comparing computer configuration information
US20160162825A1 (en) Monitoring the impact of information quality on business application components through an impact map to data sources
CN114205216A (en) Root cause positioning method and device for micro-service fault, electronic equipment and medium
Soud et al. A fly in the ointment: an empirical study on the characteristics of Ethereum smart contract code weaknesses
US11687574B2 (en) Record matching in a database system
US11822578B2 (en) Matching machine generated data entries to pattern clusters
CN111752600B (en) Code anomaly detection method and device, computer equipment and storage medium
CN114416560A (en) Program crash analysis aggregation method and system
CN113760579A (en) Troubleshooting method and device
US9330115B2 (en) Automatically reviewing information mappings across different information models
US20230169170A1 (en) Techniques for fixing configuration and for fixing code using contextually enriched alerts
CN111290870A (en) Method and device for detecting abnormity

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant