CN112711570A - Log information processing method and device, electronic equipment and storage medium - Google Patents

Info

Publication number: CN112711570A
Authority: CN (China)
Prior art keywords: log information, hash, hash chain, chain value, value
Legal status: Pending
Application number: CN202110071948.6A
Other languages: Chinese (zh)
Inventors: 刘伟, 郭井龙, 李向锋, 赵永省
Current Assignee: BEIJING CERTIFICATE AUTHORITY
Original Assignee: BEIJING CERTIFICATE AUTHORITY

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/17 Details of further file system functions
    • G06F16/1734 Details of monitoring file system events, e.g. by the use of hooks, filter drivers, logs
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/18 File system types
    • G06F16/1805 Append-only file systems, e.g. using logs or journals to store data
    • G06F16/1815 Journaling file systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

The application provides a log information processing method, a log information processing device, an electronic device and a storage medium, wherein the method comprises the following steps: acquiring first log information and a second hash chain value of second log information, wherein the second log information is the previous log information of the first log information; based on a preset hash algorithm, performing hash operation on the first log information and the second hash chain value to obtain a first hash chain value of the first log information; and determining target log information corresponding to the first log information according to the first log information and the first hash chain value. The method and the device can prevent the log information from being maliciously tampered or deleted, monitor the change condition of the first log information according to the first hash chain value in the target log information, and improve the safety of the log information.

Description

Log information processing method and device, electronic equipment and storage medium
Technical Field
The present application relates to the field of computer technologies, and in particular, to a method and an apparatus for processing log information, an electronic device, and a storage medium.
Background
Logging is an important function of an information system. It records the processing behaviors of the information system to support subsequent analysis of system behavior, such as identifying attacks, abnormal access behaviors, erroneous login behaviors, responsibility identification, and the normal business behaviors of the system. Typically, system log records are stored in a system, a database or a log server, and the log information is stored using distributed storage or disk redundancy technology. However, because log records are not protected by cryptographic techniques during storage, they are at risk of being tampered with, deleted, and repudiated. Existing log records therefore have the problem of low security.
Disclosure of Invention
An embodiment of the present application provides a method and an apparatus for processing log information, an electronic device, and a storage medium, and aims to solve the problem of low security of current log records.
In a first aspect, an embodiment of the present application provides a method for processing log information, including:
acquiring first log information and a second hash chain value of second log information, wherein the second log information is the previous log information of the first log information;
based on a preset hash algorithm, performing hash operation on the first log information and the second hash chain value to obtain a first hash chain value of the first log information;
and determining target log information corresponding to the first log information according to the first log information and the first hash chain value.
In this embodiment, a hash operation is performed on the first log information and the second hash chain value to obtain the first hash chain value of the first log information. The hash chain value records the link between the current log information and the previous log information, so that all log information is chained together in this way: when any earlier record changes, the change can be detected from any later record, and the log information can thus be prevented from being maliciously tampered with or deleted. Finally, the target log information corresponding to the first log information is determined according to the first log information and the first hash chain value, so that changes to the first log information can be monitored through the first hash chain value in the target log information, and the security of the log information is improved.
In one implementation, obtaining first log information includes:
acquiring a log record and a first record number of the log record;
and splicing the log record and the first record number to obtain first log information.
In the implementation process, each log record corresponds to a unique first record number, and the log records and the first record numbers are spliced, so that on one hand, the first record numbers can be used as unique identifiers of the log records so as to be convenient for subsequently associating all the log records; on the other hand, whether the log record is deleted or not can be checked according to the continuity of the first record numbers of all log information, so that the follow-up system audit is facilitated.
In one implementation manner, before determining the target log information corresponding to the first log information according to the first log information and the first hash chain value, the method further includes:
based on a hash algorithm, performing hash operation on the first log information to obtain a first hash value of the first log information;
signing the first hash value based on a signature algorithm and a preset signature certificate to obtain a first signature value of the first log information;
the signature algorithm, the signature certificate and the first signature value form signature data;
determining target log information corresponding to the first log information according to the first log information and the first hash chain value, wherein the determining comprises the following steps:
and determining target log information corresponding to the first log information according to the first log information, the signature data and the first hash chain value.
In the implementation process, the first hash value of the first log information is calculated so as to facilitate subsequent processing operations such as signing and the like on the first log information by using the first hash value, and then the first hash value is signed by using a signature algorithm and a signature certificate, so that an operator can be identified according to the signature certificate to prevent the operator from denying the operation behavior.
In one implementation, based on a predetermined hash algorithm, performing a hash operation on the first log information and the second hash chain value to obtain a first hash chain value of the first log information includes:
splicing the first log information and the second hash chain value to obtain a target character string;
and based on a hash algorithm, performing hash operation on the target character string to obtain a hash chain value.
In the implementation process, the first log information and the second hash chain value are spliced and then subjected to hash operation, so that the first log information is associated with the previous log information, all the log information forms a hash chain, and subsequent system check is facilitated.
In one implementation, determining target log information corresponding to the first log information according to the first log information and the first hash chain value includes:
based on a signature algorithm, signing the first log information and the first hash chain value to obtain a second signature value;
and taking the first log information, the first hash chain value and the second signature value as target log information.
In the implementation process, for a service system with a higher security requirement level, the first log information and the first hash chain value can be signed, so that a system signature value is calculated, and the security of the log information is further improved.
In one implementation manner, after determining the target log information corresponding to the first log information according to the first log information and the first hash chain value, the method further includes:
calculating a third hash chain value of the first log information according to the first log information in the target log information;
determining whether the third hash chain value is equal to the first hash chain value;
and if the third hash chain value is not equal to the first hash chain value, judging that the first log information has changed or that the hash chain value of the previous log information corresponding to the first log information has changed.
In the implementation process, the first log information is extracted again based on the target log information, and then the third hash chain value calculated by the first log information is compared with the first hash chain value in the target log information to determine the change condition of the first log information or the change condition of the hash chain value of the previous log information, so that the change verification of the log information is realized, and the system audit is facilitated.
In one implementation manner, after determining the target log information corresponding to the first log information according to the first log information and the first hash chain value, the method further includes:
acquiring a second record number of second log information;
determining whether a first record number of the first log information in the target log information is equal to a sum of the second record number and 1;
if the first record number is not equal to the sum of the second record number and 1, judging that the log record in the first log information has changed.
In the implementation process, the change condition of the first log information is determined by comparing the first record number of the first log information with the second record number of the second log information, so that system audit is facilitated.
In a second aspect, an embodiment of the present application provides an apparatus for processing log information, including:
the first obtaining module is used for obtaining first log information and obtaining a second hash chain value of second log information, wherein the second log information is the previous log information of the first log information;
the operation module is used for carrying out hash operation on the first log information and the second hash chain value based on a preset hash algorithm to obtain a first hash chain value of the first log information;
and the first determining module is used for determining the target log information corresponding to the first log information according to the first log information and the first hash chain value.
In a third aspect, an embodiment of the present application provides an electronic device, including a memory and a processor, where the memory is used to store a computer program, and the processor runs the computer program to make the electronic device execute the processing method of log information in the first aspect.
In a fourth aspect, an embodiment of the present application provides a computer-readable storage medium, which stores a computer program, and when the computer program is executed by a processor, the computer program implements the processing method of log information of the first aspect.
It is understood that the beneficial effects of the second to fourth aspects can be seen from the description of the first aspect, and are not described herein again.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and that those skilled in the art can also obtain other related drawings based on the drawings without inventive efforts.
Fig. 1 is a schematic flowchart of a method for processing log information according to an embodiment of the present application;
Fig. 2 is a schematic flowchart of a method for processing log information according to another embodiment of the present application;
Fig. 3 is a schematic flowchart of a method for processing log information according to yet another embodiment of the present application;
Fig. 4 is a schematic structural diagram of a log information processing apparatus according to an embodiment of the present application;
Fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures. Meanwhile, in the description of the present application, the terms "first", "second", and the like are used only for distinguishing the description, and are not to be construed as indicating or implying relative importance.
As described in the related art, because log records are not protected by cryptographic techniques when stored, they are at risk of being tampered with, deleted, and repudiated, so log records have the problem of low security.
In view of the above problems in the prior art, the present application provides a method for processing log information. A hash operation is performed on the first log information and the second hash chain value to obtain the first hash chain value of the first log information. The hash chain value records the link between the current log information and the previous log information, so that all log information is chained together: when any earlier record changes, the change can be detected from any later record, and the log information can thus be prevented from being maliciously tampered with or deleted. Finally, the target log information corresponding to the first log information is determined according to the first log information and the first hash chain value, so that changes to the first log information can be monitored through the first hash chain value in the target log information, and the security of the log information is improved.
Referring to fig. 1, fig. 1 shows an implementation flowchart of a method for processing log information according to an embodiment of the present application. The log information processing method described in the embodiment of the present application can be applied to electronic devices, including but not limited to computer devices such as smart phones, tablet computers, desktop computers, supercomputers, personal digital assistants, physical servers, and cloud servers. The log information processing method in the embodiment of the application includes steps S101 to S103, which are detailed as follows:
Step S101, obtaining the first log information and a second hash chain value of the second log information, where the second log information is the previous log information of the first log information.
In the present embodiment, the first log information is log information of a system log, which includes log records. Optionally, the log information further includes a record number, and each log record corresponds to a record number. The second hash chain value is the hash chain value obtained by performing a hash operation on the second log information and the hash chain value of the log information preceding it.
Optionally, the obtaining of the first log information includes: acquiring a log record and a first record number of the log record; and splicing the log record and the first record number to obtain first log information. The log records include, but are not limited to, log operator, log object of the operation, operation result, operation time, and other operation information.
Illustratively, a counter is preset that maintains a one-way incrementing sequence: each time another computer component/unit/module collects data from the counter, the count value of the counter is incremented by 1. Therefore, when the system generates a log record, the current count value of the counter is collected, and after the collection the count value is incremented by 1 to be used as the record number of the next log record.
In this embodiment, the log record and the first record number are spliced, so that on one hand, the first record number can be used as the unique identifier of the log record, so as to associate all log records subsequently; on the other hand, whether the log record is deleted or tampered can be checked according to the continuity of the first record numbers of all log information, so that subsequent system audit is facilitated.
Step S102, based on a preset hash algorithm, performing a hash operation on the first log information and the second hash chain value to obtain a first hash chain value of the first log information.
In this embodiment, the hash algorithm is a hash function, which converts an input message string of arbitrary length into an output string of fixed length. The hash chain value is the hash value obtained by hashing the log information together with the hash chain value of the previous log information. It is essentially a hash value, but because it incorporates the hash values of other log information, the values are linked together and are regarded as a hash chain.
It should be noted that when the first log information has no previous log information, a value may be preset as the initial hash chain value (the initial hash chain value may also be obtained in other ways) for use in the hash operation that produces the hash chain value of the first log information. Illustratively, the record number 0 and the operation time of operating the first log information are spliced into an input string, the hash result of the input string is calculated using the hash algorithm, and the obtained hash result is used as the initial hash chain value.
In an embodiment, the hash value of the first log information may be computed separately, and the hash value and the second hash chain value may be concatenated into an input string, and the first hash chain value may be obtained after performing the hash operation again.
In another embodiment, based on a predetermined hash algorithm, performing a hash operation on the first log information and the second hash chain value to obtain a first hash chain value of the first log information, includes: splicing the first log information and the second hash chain value to obtain a target character string; and based on a hash algorithm, performing hash operation on the target character string to obtain a hash chain value.
In this embodiment, the first log information and the second hash chain value are directly spliced and then subjected to hash operation, so that the steps of performing hash operation on the first log information independently are reduced, the operation steps are simplified, and meanwhile, the first log information can be associated with the previous log information, so that all log information forms a hash chain, and subsequent system check is facilitated.
Step S103, determining target log information corresponding to the first log information according to the first log information and the first hash chain value.
In this embodiment, the target log information is the log information finally stored in a log storage system (such as a log database, a log server, etc.). Optionally, for a service system with a lower security requirement level, the first log information and the first hash chain value may be directly spliced into the target log information in sequence.
Optionally, for a service system with a higher security requirement level, the first log information and the first hash chain value may be signed based on a signature algorithm to obtain a second signature value; and taking the first log information, the first hash chain value and the second signature value as target log information. In the implementation process, the first log information and the first hash chain value are signed, and a system signature value is calculated, so that the security of the log information is further improved.
On the basis of the embodiment of fig. 1, fig. 2 shows an implementation flow chart of a processing method of log information provided by another embodiment. As shown in fig. 2, step S201 is further included before step S103. It should be noted that the steps identical to those in the embodiment of fig. 1 are not described herein again.
S201, signing the first log information based on a preset signature algorithm to obtain signature data of the first log information.
In this embodiment, the signature algorithm is a digital signature algorithm. A digital signature is an alphanumeric string produced through a one-way function, used to authenticate the source of a message and to verify whether the message has changed during transmission. The signature algorithm may be the RSA signature algorithm or the SM2 signature algorithm. The signature data includes, but is not limited to, the first log information, a signature algorithm, and a signature value obtained by signing the first log information with the signature algorithm.
In an embodiment, the first log information may be directly signed by using a signature algorithm to obtain a signature value, and the first log information, the signature algorithm and the signature value may be combined into signature data.
In another embodiment, the hash operation may be performed on the first log information based on a hash algorithm to obtain a first hash value of the first log information; signing the first hash value based on a signature algorithm and a preset signature certificate to obtain a first signature value of the first log information; and combining the signature algorithm, the signature certificate and the first signature value into signature data.
In this embodiment, the first log information is a character string, and the character string is converted into a first hash value of fixed length by the hash function, so that the first hash value can conveniently be used in subsequent processing operations on the first log information, such as signing. The first hash value is signed using the signature algorithm and the signature certificate, so that the operator can be identified from the signature certificate and is prevented from denying the operation behavior. Finally, the signature value, the signature algorithm and the signature certificate can be packaged into signature data.
In a possible implementation manner, after step S103, the method further includes: calculating a second hash value of the first log information according to the first log information in the target log information, verifying the first signature value in the signature data using the second hash value, the signature algorithm and the signature certificate, and, if the verification fails, judging that the first log information has changed.
In the implementation process, target log information is acquired from a log storage system, first log information in the target log information is extracted, and a second hash value is calculated according to the mode of the step S201.
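The hash-then-sign variant of S201 and its read-back check, as an added example that is not part of the patent text. It assumes SHA-256 with RSA PKCS#1 v1.5 and a self-signed demo certificate; the function names, the algorithm label and the sample log line are hypothetical.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// algName labels the signature algorithm inside the signature data (assumed label).
const algName = "SHA256-RSA-PKCS1v15"

// SignatureData groups the signature algorithm, the signature certificate
// and the first signature value.
type SignatureData struct {
	Algorithm   string
	Certificate []byte // DER-encoded signature certificate of the operator
	Signature   []byte // first signature value
}

// NewOperator creates a key pair and a self-signed certificate for the demo.
// A deployment would use a certificate issued to the operator by its CA.
func NewOperator(name string) (*rsa.PrivateKey, []byte, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return key, der, err
}

// Sign computes the first hash value of the log information and signs it.
func Sign(logInfo string, key *rsa.PrivateKey, certDER []byte) (SignatureData, error) {
	h := sha256.Sum256([]byte(logInfo)) // first hash value
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, h[:])
	return SignatureData{Algorithm: algName, Certificate: certDER, Signature: sig}, err
}

// Verify recomputes the hash (the second hash value) from the stored log
// information and checks the first signature value against the certificate.
// It returns the operator named in the certificate. It does not validate the
// certificate against a trusted CA, which a deployment must also do.
func Verify(logInfo string, sd SignatureData) (string, error) {
	if sd.Algorithm != algName {
		return "", errors.New("unsupported signature algorithm")
	}
	cert, err := x509.ParseCertificate(sd.Certificate)
	if err != nil {
		return "", err
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return "", errors.New("certificate does not carry an RSA key")
	}
	h := sha256.Sum256([]byte(logInfo)) // second hash value
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sd.Signature); err != nil {
		return "", fmt.Errorf("log information changed or signature invalid: %w", err)
	}
	return cert.Subject.CommonName, nil
}

func main() {
	key, cert, err := NewOperator("operator-alice")
	if err != nil {
		panic(err)
	}
	info := "1|operator-alice deleted user bob: success" // constructed sample
	sd, err := Sign(info, key, cert)
	if err != nil {
		panic(err)
	}
	who, err := Verify(info, sd)
	fmt.Println("stored record signed by:", who, "error:", err)
	_, err = Verify("1|operator-alice viewed user bob: success", sd)
	fmt.Println("edited record:", err)
}
```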
On the basis of the embodiment of fig. 1, fig. 3 shows an implementation flow chart of a processing method of log information provided by yet another embodiment. As shown in fig. 3, steps S301 to S303 are also included after step S103. It should be noted that the steps identical to those in the embodiment of fig. 1 are not described herein again.
Step S301, calculating a third hash chain value of the first log information according to the first log information in the target log information.
In this embodiment, the target log information is obtained from the log storage system, the first log information in the target log information is extracted, and the third hash chain value of the first log information is calculated based on the hash algorithm in the manner of step S103.
Step S302, determining whether the third hash chain value is equal to the first hash chain value.
In this embodiment, the third hash chain value is compared with the first hash chain value in the target log information to verify the change condition of the target log information, so as to facilitate system check, such as system audit.
In step S303, if the third hash chain value is not equal to the first hash chain value, it is determined that the first log information has changed, or that the hash chain value of the previous log information corresponding to the first log information has changed.
In this embodiment, because the hash algorithm and the algorithm input of S301 are the same as those of S102, the two hash results should be the same, that is, the third hash chain value is equal to the first hash chain value and the verification succeeds. The hash chain values of each piece of log information are then verified in turn, working upwards; if the hash chain values of all log information are verified successfully, the log information has not been changed. When the third hash chain value is not equal to the first hash chain value, this log information or other log information has been changed, for example, a certain log record has been deleted.
In an embodiment, after determining the target log information corresponding to the first log information according to the first log information and the first hash chain value, the method further includes: acquiring a second record number of second log information, and determining whether a first record number of first log information in target log information is equal to the sum of the second record number and 1; if the first record number is not equal to the sum of the second record number and 1, the log record in the first log information is judged to have a change.
In this embodiment, the record number of the current log record is m and the record number of the previous log record is x; it is verified whether m = x + 1. If not, the verification fails; if so, the record numbers of the preceding log records are verified in turn until the record number of the first log record also satisfies the above formula, and the verification passes. If a discontinuity occurs in the middle, the record has been changed and the verification fails; for example, if the record number sequence of four consecutive log records is 1, 2, and 4, it indicates that the log record with record number 3 has been tampered with. If all record numbers are consecutive, the log information has not been deleted. In the embodiment, changes to the first log information are determined by comparing the first record number of the first log information with the second record number of the second log information, which facilitates system audit.
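Steps S101 to S103 together with the two audits described above (recomputing the hash chain value and checking that record numbers are consecutive), as an added example that is not part of the patent text. It assumes SHA-256 as the preset hash algorithm and a "|" separator for splicing; the type and function names and the sample records are hypothetical.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"strconv"
	"strings"
)

// Entry is one piece of target log information: the first log information
// (record number spliced with the log record) and its hash chain value.
type Entry struct {
	LogInfo string   // "<record number>|<log record>"
	Chain   [32]byte // hash chain value stored with the entry
}

// Finding reports one failed check for the stored entry at Index.
type Finding struct {
	Index  int
	Reason string
}

const (
	ChainMismatch = "hash chain value mismatch"
	NumberGap     = "record number is not previous + 1"
	Malformed     = "record number missing or unreadable"
)

// Log is an in-memory stand-in for the log storage system.
type Log struct {
	Initial [32]byte // initial hash chain value
	Entries []Entry
	counter uint64 // one-way incrementing record-number counter
}

// chainValue hashes the log information spliced with the previous hash chain
// value. The previous value has a fixed length and comes last, so the
// boundary between the two inputs is unambiguous.
func chainValue(logInfo string, prev [32]byte) [32]byte {
	return sha256.Sum256(append([]byte(logInfo), prev[:]...))
}

// NewLog derives the initial hash chain value from record number 0 spliced
// with an operation time, following the illustration in the description.
func NewLog(opTime string) *Log {
	return &Log{Initial: sha256.Sum256([]byte("0|" + opTime)), counter: 1}
}

// Append performs S101 to S103 for one log record.
func (l *Log) Append(record string) Entry {
	prev := l.Initial
	if n := len(l.Entries); n > 0 {
		prev = l.Entries[n-1].Chain
	}
	logInfo := strconv.FormatUint(l.counter, 10) + "|" + record
	l.counter++ // the value after the read numbers the next record
	e := Entry{LogInfo: logInfo, Chain: chainValue(logInfo, prev)}
	l.Entries = append(l.Entries, e)
	return e
}

// Audit walks the stored entries, recomputes each hash chain value from the
// stored log information and the previous stored chain value, and checks
// that each record number equals the previous one plus 1.
func Audit(initial [32]byte, entries []Entry) []Finding {
	var findings []Finding
	prev, prevNo := initial, uint64(0)
	for i, e := range entries {
		numStr, _, _ := strings.Cut(e.LogInfo, "|")
		no, err := strconv.ParseUint(numStr, 10, 64)
		if err != nil {
			findings = append(findings, Finding{i, Malformed})
		} else if no != prevNo+1 {
			findings = append(findings, Finding{i, NumberGap})
		}
		if chainValue(e.LogInfo, prev) != e.Chain {
			findings = append(findings, Finding{i, ChainMismatch})
		}
		prev, prevNo = e.Chain, no
	}
	return findings
}

func main() {
	l := NewLog("2021-01-19T08:00:00Z") // constructed sample data
	for _, r := range []string{"alice login ok", "alice read report", "bob login failed", "bob login ok"} {
		l.Append(r)
	}
	fmt.Println("intact:", Audit(l.Initial, l.Entries))

	edited := append([]Entry(nil), l.Entries...)
	edited[1].LogInfo = "2|alice read nothing"
	fmt.Println("record 2 edited:", Audit(l.Initial, edited))

	deleted := append(append([]Entry(nil), l.Entries[:2]...), l.Entries[3:]...)
	fmt.Println("record 3 deleted:", Audit(l.Initial, deleted))
}
```

These checks catch edits that leave the stored chain values inconsistent; a party able to rewrite every later chain value is only caught when the entries also carry a signature, as in the higher-security variant of the target log information.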
In order to execute the method corresponding to the above method embodiment and achieve the corresponding function and technical effect, a log information processing device is provided below. Referring to Fig. 4, Fig. 4 is a block diagram of a processing apparatus for log information according to an embodiment of the present application. The modules included in the apparatus in this embodiment are used to execute the steps in the embodiments corresponding to Figs. 1 to 3; for details, refer to Figs. 1 to 3 and the description of the corresponding embodiments. For convenience of explanation, only the parts related to the present embodiment are shown. The log information processing apparatus provided in the embodiment of the present application includes:
a first obtaining module 401, configured to obtain first log information, and obtain a second hash chain value of second log information, where the second log information is a previous log information of the first log information;
an operation module 402, configured to perform a hash operation on the first log information and the second hash chain value based on a preset hash algorithm to obtain a first hash chain value of the first log information, where the second hash chain value is a hash chain value of the second log information, and the second log information is a previous log information of the first log information;
a first determining module 403, configured to determine, according to the first log information and the first hash chain value, target log information corresponding to the first log information.
In an embodiment, the obtaining module 401 includes:
an acquisition unit configured to acquire a log record and a first record number of the log record;
and the first splicing unit is used for splicing the log record and the first record number to obtain first log information.
In an embodiment, the apparatus further includes:
the signature module is used for signing the first log information based on a preset signature algorithm to obtain signature data of the first log information;
the first determining module 403 is further configured to determine, according to the first log information, the signature data, and the first hash chain value, target log information corresponding to the first log information.
In one embodiment, the signature module includes:
the first operation unit is used for carrying out hash operation on the first log information based on a hash algorithm to obtain a first hash value of the first log information;
the first signature unit is used for signing the first hash value based on a signature algorithm and a preset signature certificate to obtain a first signature value of the first log information;
and the composition unit is used for composing the signature algorithm, the signature certificate and the first signature value into signature data.
In one embodiment, the operation module 402 includes:
the second splicing unit is used for splicing the first log information and the second hash chain value to obtain a target character string;
and the second operation unit is used for carrying out hash operation on the target character string based on the hash algorithm to obtain a hash chain value.
In one embodiment, the first determining module 403 includes:
the second signature unit is used for signing the first log information and the first hash chain value based on a signature algorithm to obtain a second signature value;
and a unit for taking the first log information, the first hash chain value, and the second signature value as the target log information.
In one embodiment, the apparatus for processing log information further includes:
the calculating module is used for calculating a third hash chain value of the first log information according to the first log information in the target log information;
a second determining module for determining whether the third hash chain value is equal to the first hash chain value;
and the judging module is used for judging that the first log information has a change condition if the third hash chain value is not equal to the first hash chain value.
In one embodiment, the apparatus for processing log information further includes:
the second acquisition module is used for acquiring a second record number of the second log information;
a third determining module for determining whether a first record number of the first log information in the target log information is equal to a sum of the second record number and 1;
and the third judging module is used for judging that the log record in the first log information has a change condition if the first record number is not equal to the sum of the second record number and 1.
The processing device of the log information can implement the processing method of the log information of the method embodiment. The alternatives in the above-described method embodiments are also applicable to this embodiment and will not be described in detail here. The rest of the embodiments of the present application may refer to the contents of the above method embodiments, and in this embodiment, details are not described again.
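The chaining and checking steps carried out by the modules above can be sketched as follows. This is an added example, not code from the patent: SHA-256 as the preset hash algorithm, the `|` delimiter, the all-zero starting chain value, numbering from 1 and the sample records are assumptions, and the signature steps are omitted.

```python
import hashlib

GENESIS_CHAIN = "0" * 64  # assumption: chain value that precedes the first record
SEP = "|"                 # assumption: delimiter used when splicing fields


def make_log_info(number: int, record: str) -> str:
    """Splice the record number and the log record into the log information."""
    return f"{number}{SEP}{record}"


def record_number(entry: dict) -> int:
    """Read the record number back out of the spliced log information."""
    return int(entry["log_info"].split(SEP, 1)[0])


def chain_value(log_info: str, prev_chain: str) -> str:
    """Hash the target string: log information spliced with the previous chain value."""
    target = log_info + SEP + prev_chain
    return hashlib.sha256(target.encode("utf-8")).hexdigest()


def append_record(store: list, record: str) -> dict:
    """Build the target log information for a new record and append it."""
    if store:
        prev_number, prev_chain = record_number(store[-1]), store[-1]["chain"]
    else:
        prev_number, prev_chain = 0, GENESIS_CHAIN
    info = make_log_info(prev_number + 1, record)
    entry = {"log_info": info, "chain": chain_value(info, prev_chain)}
    store.append(entry)
    return entry


def verify(store: list) -> list:
    """Return (record_number, reason) findings; an empty list means both checks pass."""
    findings = []
    prev_number, prev_chain = 0, GENESIS_CHAIN
    for entry in store:
        number = record_number(entry)
        # Recompute the chain value from the stored log information and compare.
        if chain_value(entry["log_info"], prev_chain) != entry["chain"]:
            findings.append((number, "hash chain mismatch"))
        # Record numbers must satisfy m = x + 1.
        if number != prev_number + 1:
            findings.append((number, "record number gap"))
        prev_number, prev_chain = number, entry["chain"]
    return findings


def build_sample() -> list:
    """Constructed sample records, for illustration only."""
    store = []
    for line in ["login user=alice", "read file=/etc/app.conf",
                 "role change user=bob", "logout user=alice"]:
        append_record(store, line)
    return store


if __name__ == "__main__":
    edited = build_sample()
    edited[1]["log_info"] = make_log_info(2, "read file=/tmp/x")  # content changed in place
    deleted = build_sample()
    del deleted[2]                                                # record 3 removed
    print(verify(build_sample()), verify(edited), verify(deleted))
```

An edited record is reported once, at its own record number, because the following record is checked against the stored chain value; a deleted record is reported at its successor by both checks.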
Fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present application. As shown in fig. 5, the electronic apparatus 5 of this embodiment includes: at least one processor 50 (only one shown in fig. 5), a memory 51, and a computer program 52 stored in the memory 51 and executable on the at least one processor 50, the processor 50 implementing the steps of any of the above-described method embodiments when executing the computer program 52.
The electronic device 5 may be a computing device such as a smart phone, a tablet computer, a desktop computer, a supercomputer, a personal digital assistant, a physical server, and a cloud server. The electronic device may include, but is not limited to, a processor 50, a memory 51. Those skilled in the art will appreciate that fig. 5 is merely an example of the electronic device 5, and does not constitute a limitation of the electronic device 5, and may include more or less components than those shown, or combine some of the components, or different components, such as an input-output device, a network access device, etc.
The processor 50 may be a Central Processing Unit (CPU), or another general-purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, etc. A general-purpose processor may be a microprocessor or any conventional processor.
The memory 51 may in some embodiments be an internal storage unit of the electronic device 5, such as a hard disk or a memory of the electronic device 5. The memory 51 may also be an external storage device of the electronic device 5 in other embodiments, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like, which are provided on the electronic device 5. Further, the memory 51 may also include both an internal storage unit and an external storage device of the electronic device 5. The memory 51 is used for storing an operating system, an application program, a BootLoader (BootLoader), data, and other programs, such as program codes of the computer program. The memory 51 may also be used to temporarily store data that has been output or is to be output.
In addition, an embodiment of the present application further provides a computer-readable storage medium, where a computer program is stored, and when the computer program is executed by a processor, the computer program implements the steps in any of the method embodiments described above.
The embodiments of the present application further provide a computer program product which, when run on an electronic device, causes the electronic device to implement the steps in the above method embodiments.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method can be implemented in other ways. The apparatus embodiments described above are merely illustrative, and for example, the flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above description is only an example of the present application and is not intended to limit the scope of the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application. It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.

Claims (10)

1. A method for processing log information is characterized by comprising the following steps:
acquiring first log information and a second hash chain value of second log information, wherein the second log information is the previous log information of the first log information;
based on a preset hash algorithm, performing hash operation on the first log information and the second hash chain value to obtain a first hash chain value of the first log information;
and determining target log information corresponding to the first log information according to the first log information and the first hash chain value.
2. The method for processing log information according to claim 1, wherein the acquiring the first log information includes:
acquiring a log record and a first record number of the log record;
and splicing the log record and the first record number to obtain first log information.
3. The method according to claim 1, wherein before determining the target log information corresponding to the first log information according to the first log information and the first hash chain value, the method further comprises:
based on the hash algorithm, performing hash operation on the first log information to obtain a first hash value of the first log information;
signing the first hash value based on a preset signature algorithm and a signature certificate to obtain a first signature value of the first log information;
composing the signature algorithm, the signature certificate, and the first signature value into signature data;
determining, according to the first log information and the first hash chain value, target log information corresponding to the first log information, including:
and determining target log information corresponding to the first log information according to the first log information, the signature data and the first hash chain value.
4. The method as claimed in claim 1, wherein the performing a hash operation on the first log information and the second hash chain value based on a predetermined hash algorithm to obtain the first hash chain value of the first log information comprises:
splicing the first log information and the second hash chain value to obtain a target character string;
and based on the hash algorithm, carrying out hash operation on the target character string to obtain a first hash chain value.
5. The method for processing log information according to claim 1, wherein the determining, according to the first log information and the first hash chain value, the target log information corresponding to the first log information comprises:
based on a signature algorithm, signing the first log information and the first hash chain value to obtain a second signature value;
taking the first log information, the first hash chain value, and the second signature value as the target log information.
6. The method for processing log information according to claim 1, wherein after determining the target log information corresponding to the first log information according to the first log information and the first hash chain value, the method further comprises:
calculating a third hash chain value of the first log information according to the first log information in the target log information;
determining whether the third hash chain value is equal to the first hash chain value;
if the third hash chain value is not equal to the first hash chain value, it is determined that there is a change in the first log information or a change occurs in the hash chain value of the previous log information corresponding to the first log information.
7. The method according to claim 2, wherein after determining the target log information corresponding to the first log information according to the first log information and the first hash chain value, the method further comprises:
acquiring a second record number of the second log information;
determining whether a first record number of the first log information in the target log information is equal to a sum of the second record number and 1;
and if the first record number is not equal to the sum of the second record number and 1, judging that the log record in the first log information has a change condition.
8. An apparatus for processing log information, comprising:
the first obtaining module is used for obtaining first log information and obtaining a second hash chain value of second log information, wherein the second log information is the previous log information of the first log information;
an operation module, configured to perform a hash operation on the first log information and the second hash chain value based on a preset hash algorithm, to obtain a first hash chain value of the first log information;
and the first determining module is used for determining target log information corresponding to the first log information according to the first log information and the first hash chain value.
9. An electronic device, comprising a memory for storing a computer program and a processor for executing the computer program to cause the electronic device to execute the processing method of log information according to any one of claims 1 to 7.
10. A computer-readable storage medium, characterized in that it stores a computer program which, when executed by a processor, implements the processing method of log information according to any one of claims 1 to 7.
CN202110071948.6A 2021-01-19 2021-01-19 Log information processing method and device, electronic equipment and storage medium Pending CN112711570A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110071948.6A CN112711570A (en) 2021-01-19 2021-01-19 Log information processing method and device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN112711570A (en) 2021-04-27

Family

ID=75549526

Country Status (1)

Country Link
CN (1) CN112711570A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115118507A (en) * 2022-06-29 2022-09-27 支付宝(杭州)信息技术有限公司 Log certificate storing and log verifying method and device suitable for privacy calculation
CN115118507B (en) * 2022-06-29 2023-09-08 支付宝(杭州)信息技术有限公司 Log evidence-storing and log verification method and device suitable for privacy calculation
CN115766165A (en) * 2022-11-08 2023-03-07 鼎铉商用密码测评技术(深圳)有限公司 Log processing method, log processing device and storage medium
CN115766165B (en) * 2022-11-08 2023-10-27 鼎铉商用密码测评技术(深圳)有限公司 Log processing method, device and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination