CN113900905A - Log monitoring method and device, electronic equipment and storage medium - Google Patents

Log monitoring method and device, electronic equipment and storage medium Download PDF

Info

Publication number
CN113900905A
CN113900905A CN202111268111.7A CN202111268111A CN113900905A CN 113900905 A CN113900905 A CN 113900905A CN 202111268111 A CN202111268111 A CN 202111268111A CN 113900905 A CN113900905 A CN 113900905A
Authority
CN
China
Prior art keywords
log
target application
alarm
monitoring
strategy
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111268111.7A
Other languages
Chinese (zh)
Inventor
宋稼璐
胡继强
李昌柱
类铭辰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Industrial and Commercial Bank of China Ltd ICBC filed Critical Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202111268111.7A priority Critical patent/CN113900905A/en
Publication of CN113900905A publication Critical patent/CN113900905A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/3003Monitoring arrangements specially adapted to the computing system or computing system component being monitored
    • G06F11/302Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system component is a software system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/3065Monitoring arrangements determined by the means or processing involved in reporting the monitored data

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Quality & Reliability (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The disclosure provides a log monitoring method which can be applied to the field of finance or the field of computers. The log monitoring method is applied to a log monitoring management platform and comprises the following steps: acquiring a log monitoring request aiming at a target application, wherein the log monitoring request comprises the type of the target application; responding to the log monitoring request, and under the condition that the log acquisition template corresponding to the type of the target application is determined to exist, acquiring the log acquisition template corresponding to the type of the target application; deploying a log collection program on a target server associated with a target application, wherein the log collection program comprises a log collection template; and collecting the log data of the target application by using a log collection program so as to monitor the log data of the target application. The present disclosure also provides a log monitoring apparatus, a device, a storage medium and a program product.

Description

Log monitoring method and device, electronic equipment and storage medium
Technical Field
The present disclosure relates to the field of finance and computer technology, and more particularly, to a log monitoring method, apparatus, device, medium, and program product.
Background
The open platform problem diagnosis needs to pay attention to the operation conditions of various system software such as an operating system, middleware, a database, multipath and the like, and along with the continuous increase of the scale of a data center server, the system software, the database, the middleware and the like are rapidly increased at the same time, and the quantity of the software needing to be monitored is increased more and more.
In carrying out the inventive concept of the present disclosure, the inventors found that at least the following problems exist in the related art: the operation and maintenance of the log monitoring software adopting a locally deployed scheme are complex, and the log monitoring software cannot meet the log monitoring working requirement of a server in a large scale.
Disclosure of Invention
In view of the above, the present disclosure provides a log monitoring method, apparatus, device, medium, and program product.
According to a first aspect of the present disclosure, there is provided a log monitoring method applied to a log monitoring management platform, including:
acquiring a log monitoring request aiming at a target application, wherein the log monitoring request comprises the type of the target application;
responding to the log monitoring request, and acquiring a log collection template corresponding to the type of the target application under the condition that the log collection template corresponding to the type of the target application is determined to exist;
deploying a log collection program on a target server associated with the target application, wherein the log collection program comprises the log collection template;
and collecting the log data of the target application by using the log collection program so as to monitor the log data of the target application.
According to an embodiment of the present disclosure, the log monitoring method further includes,
in response to the log monitoring request, in a case where it is determined that there is no log collection template corresponding to the type of the target application, customizing the log collection template corresponding to the type of the target application.
According to an embodiment of the present disclosure, the log monitoring method further includes:
monitoring the log data of the target application;
and sending an alarm notification to a notification receiving end under the condition that the log data of the target application meets the alarm strategy corresponding to the target application.
According to an embodiment of the present disclosure, the monitoring the log data of the target application includes:
acquiring the alarm strategy corresponding to the target application from a monitoring strategy library of the log monitoring management platform;
and matching the log data of the target application with the alarm strategy.
According to an embodiment of the present disclosure, in the case that the log data of the target application satisfies an alarm policy corresponding to the target application, sending an alarm notification to a notification receiving end includes:
matching the collected log data of the target application with the alarm strategy corresponding to the target application;
if the matching result is yes, generating alarm content according to the matching result;
combining the alarm contents to form the alarm notification;
and sending the alarm notification to the notification receiving end.
According to an embodiment of the present disclosure, the combining the alert contents to form the alert notification includes:
determining a combination strategy of the alarm content according to the configuration information of the target application;
and combining the alarm contents according to the combination strategy to form an alarm notice.
According to the embodiment of the disclosure, the alarm strategy corresponding to the target application is customized according to the configuration information of the target application.
According to an embodiment of the present disclosure, the alarm policy includes one or more of the following: whether a keyword strategy is contained, whether a blacklist strategy is met, and whether a frequency alarm strategy is met.
According to an embodiment of the present disclosure, the log monitoring method further includes,
analyzing the log data of the target application to generate an analysis result corresponding to the target application;
and displaying the analysis result by adopting a display view corresponding to the target application.
A second aspect of the present disclosure provides a log monitoring apparatus, including:
the system comprises a first acquisition module, a second acquisition module and a third acquisition module, wherein the first acquisition module is used for acquiring a log monitoring request aiming at a target application, and the log monitoring request comprises the type of the target application;
a second obtaining module, configured to, in response to the log monitoring request, obtain, in a case where it is determined that there is a log collection template corresponding to a type of the target application, the log collection template corresponding to the type of the target application;
a deployment module, configured to deploy a log collection program on a target server associated with the target application, where the log collection program includes the log collection template;
and the acquisition module is used for acquiring the log data of the target application by using the log acquisition program so as to monitor the log data of the target application.
A third aspect of the present disclosure provides an electronic device, comprising: one or more processors; a memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the log monitoring method described above.
A fourth aspect of the present disclosure also provides a computer-readable storage medium having stored thereon executable instructions that, when executed by a processor, cause the processor to perform the above-described log monitoring method.
A fifth aspect of the present disclosure also provides a computer program product comprising a computer program which, when executed by a processor, implements the above-described log monitoring method.
According to the embodiment of the disclosure, whether a log monitoring management platform has a log acquisition template corresponding to the type of a target application is determined by acquiring the type of the target application in a log monitoring request for the target application, and the log acquisition template is acquired under the condition that the log acquisition template corresponding to the type of the target application exists; and then deploying a log collection program containing a log collection template on a target server associated with the target application, and then collecting the log data of the target application by using the log collection program so as to monitor the log data of the target application. According to the log monitoring management method and device, the log monitoring management platform is adopted, the same log acquisition template and the same log acquisition program can be adopted for batch deployment of the applications of the same type, unified management of deployment and log monitoring of the log acquisition program of the applications is achieved, deployment efficiency and operation and maintenance efficiency are improved, and the log monitoring management method and device are suitable for log monitoring work requirements of servers in a large scale.
Drawings
The foregoing and other objects, features and advantages of the disclosure will be apparent from the following description of embodiments of the disclosure, which proceeds with reference to the accompanying drawings, in which:
FIG. 1 schematically illustrates an application scenario diagram of a log monitoring method, apparatus, device, medium and program product according to embodiments of the disclosure;
FIG. 2 schematically illustrates a flow diagram of a log monitoring method according to an embodiment of the present disclosure;
FIG. 3 schematically illustrates a flow chart of a method for matching log data with an alarm policy to generate alarm content;
FIG. 4 is a flow diagram schematically illustrating a method of generating an alert notification by alert content combination;
FIG. 5 schematically illustrates a flow diagram of a log monitoring method according to another embodiment of the present disclosure;
FIG. 6 schematically shows a block diagram of a log monitoring apparatus according to an embodiment of the present disclosure; and
fig. 7 schematically shows a block diagram of an electronic device adapted to implement a log monitoring method according to an embodiment of the present disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is illustrative only and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It is noted that the terms used herein should be interpreted as having a meaning that is consistent with the context of this specification and should not be interpreted in an idealized or overly formal sense.
Where a convention analogous to "at least one of A, B and C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B and C" would include but not be limited to systems that have a alone, B alone, C alone, a and B together, a and C together, B and C together, and/or A, B, C together, etc.).
In recent years, the scale of data center servers shows explosive growth, such as the X86 open platform system with the fastest growth, and the number of various types of linux (an operating system) system software, databases, middleware and the like synchronously shows explosive growth. The problem diagnosis of the open platform needs to pay attention to the running conditions of various system software such as an operating system, middleware, a database, multipath and the like. The traditional log monitoring software adopts a scheme of local deployment and strategy configuration, is complex in operation and maintenance and simple in strategy, and cannot meet the log monitoring working requirement of a server in a large scale. Therefore, a centralized management log monitoring method is needed to meet the requirements of large-scale log monitoring and the requirements of quickly finding hidden dangers and actively solving production problems in a data center.
The embodiment of the disclosure provides a log monitoring method applied to a log monitoring management platform, which includes: acquiring a log monitoring request aiming at a target application, wherein the log monitoring request comprises the type of the target application; responding to the log monitoring request, and under the condition that the log acquisition template corresponding to the type of the target application is determined to exist, acquiring the log acquisition template corresponding to the type of the target application; deploying a log collection program on a target server associated with a target application, wherein the log collection program comprises a log collection template; and collecting the log data of the target application by using a log collection program so as to monitor the log data of the target application.
It should be noted that the log monitoring method and apparatus of the embodiment of the present disclosure may be used in the financial field and the computer technology field, and may also be used in any technical field except the financial field and the computer technology field, and the application field of the log monitoring method and apparatus of the present disclosure is not limited.
In the technical scheme of the disclosure, the acquisition, storage, application and the like of the personal information of the related user all accord with the regulations of related laws and regulations, necessary security measures are taken, and the customs of the public order is not violated.
Fig. 1 schematically illustrates an application scenario diagram of a log monitoring method, apparatus, device, medium, and program product according to embodiments of the present disclosure.
As shown in fig. 1, the application scenario 100 according to this embodiment may include a network, a terminal device, and a server. The network 104 serves as a medium for providing communication links between the terminal devices 101, 102, 103 and the server 105. Network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few.
The user may use the terminal devices 101, 102, 103 to interact with the server 105 via the network 104 to receive or send messages or the like. The terminal devices 101, 102, 103 may have installed thereon various communication client applications, such as shopping-like applications, web browser applications, search-like applications, instant messaging tools, mailbox clients, social platform software, etc. (by way of example only).
The terminal devices 101, 102, 103 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablet computers, laptop portable computers, desktop computers, and the like.
The server 105 may be a server providing various services, such as a background management server (for example only) providing support for websites browsed by users using the terminal devices 101, 102, 103. The background management server may analyze and perform other processing on the received data such as the user request, and feed back a processing result (e.g., a webpage, information, or data obtained or generated according to the user request) to the terminal device.
It should be noted that the log monitoring method provided by the embodiment of the present disclosure may be generally executed by the server 105. Accordingly, the log monitoring apparatus provided by the embodiment of the present disclosure may be generally disposed in the server 105. The log monitoring method provided by the embodiment of the present disclosure may also be performed by a server or a server cluster that is different from the server 105 and is capable of communicating with the terminal devices 101, 102, 103 and/or the server 105. Accordingly, the log monitoring apparatus provided by the embodiment of the present disclosure may also be disposed in a server or a server cluster different from the server 105 and capable of communicating with the terminal devices 101, 102, 103 and/or the server 105.
It should be understood that the number of terminal devices, networks, and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
The log monitoring method of the disclosed embodiment will be described in detail below with reference to fig. 2 to 5 based on the scenario described in fig. 1.
Fig. 2 schematically shows a flow chart of a log monitoring method according to an embodiment of the present disclosure.
As shown in fig. 2, the log monitoring method of this embodiment is applied to a log monitoring management platform, and the method includes operations S210 to S240.
In operation S210, a log monitoring request for a target application is obtained, where the log monitoring request includes a type of the target application.
According to an embodiment of the present disclosure, the type of target application may include, for example, database software, communication software, kafka, and the like. The database software may include, for example, an oracle database and the messenger software may include, for example, MQ instant messenger software. Wherein, kafka is an open source stream processing platform, and oracle database is a database management system.
In operation S220, in response to the log monitoring request, in case it is determined that there is a log collection template corresponding to the type of the target application, a log collection template corresponding to the type of the target application is acquired.
According to the embodiment of the disclosure, different types of target applications correspond to different log collection templates, and the same type of target application can adopt the same middle log collection template. The log collection templates may include, for example, dedicated collection templates, generic collection templates, custom collection templates, and the like. The dedicated acquisition template may include, for example, a dedicated acquisition template corresponding to an oracle database, mq instant messaging software, kafka, and other standardized deployed software products. The universal acquisition template may include, for example, providing a universal acquisition template for a self-research application that can normalize the output. The customized acquisition template may include, for example, a customized acquisition template for a particular software.
In operation S230, a log collection program is deployed on a target server associated with a target application, wherein the log collection program contains a log collection template.
According to embodiments of the present disclosure, a target server associated with a target application may include, for example, a target application deployed on a target server.
According to the embodiment of the present disclosure, the target server associated with the target application may include one or more servers, for example.
In operation S240, log data of the target application is collected by using a log collection program so as to monitor the log data of the target application.
The method has the advantages that the log collection programs are uniformly deployed for the target servers, batch deployment is achieved, meanwhile, logs on the target servers are collected in a centralized mode through the uniform log collection programs, centralized monitoring and management of the logs are facilitated, deployment efficiency and operation and maintenance efficiency are improved, and accordingly the method can meet log monitoring work requirements of the servers in a large scale.
According to an embodiment of the present disclosure, the log monitoring method further includes,
in response to the log monitoring request, in the event that it is determined that there is no log collection template corresponding to the type of the target application, customizing a log collection template corresponding to the type of the target application.
According to the embodiment of the disclosure, the log collection program further comprises a warehousing strategy corresponding to the target application type, so that centralized warehousing and classified warehousing of log data are facilitated.
According to an embodiment of the present disclosure, the log monitoring method further includes:
monitoring log data of a target application;
and sending an alarm notification to a notification receiving end under the condition that the log data of the target application meets an alarm strategy corresponding to the target application.
According to an embodiment of the present disclosure, a notification receiving end is configured to receive an alert notification. Sending an alert notification to the notification receiver may notify the intended recipient, for example, by mail, or to a third party monitoring platform.
According to an embodiment of the present disclosure, monitoring log data of a target application includes:
acquiring an alarm strategy corresponding to a target application from a monitoring strategy library of a log monitoring management platform;
and matching the log data of the target application with the alarm strategy.
According to the embodiment of the disclosure, the monitoring strategy library is used for centralized management of various log alarm strategies, configuration difference and consumption of a target server are minimized, and flexibility of alarm strategy adjustment is guaranteed. A stream processing frame is adopted for making a monitoring strategy, so that the accuracy of log monitoring and the timeliness of alarming are ensured; and the monitoring strategy execution and the foreground page of the log monitoring management platform are decoupled, so that the stability of the log monitoring management platform is ensured.
The types of alert policies may include, for example, keywords, black and white lists, frequency, message volume mutation, and the like.
According to the embodiment of the disclosure, matching the log data of the target application with the alarm policy may include, for example, sequentially matching the log data of the target application with keywords, black and white lists, frequencies, and message volume mutations in the alarm policy.
According to embodiments of the present disclosure, an alert policy may include, for example, elements such as trigger conditions, levels, contacts, notification descriptions, and the like.
For example, alert content is generated by alert log keyword monitoring, the alert content is aggregated according to server dimensions, meanwhile, an interface is provided for detailed information query, and a standby machine is automatically added into a blacklist for filtering. And sending a mail notification when monitoring, cluster parts report errors or log data burst occurs, aggregating according to application dimensions, and executing interrupt error reporting mail notification to an application maintenance department when statements occur.
According to the embodiment of the present disclosure, sending an alarm notification to a notification receiving end when log data of a target application satisfies an alarm policy corresponding to the target application includes:
matching the collected log data of the target application with an alarm strategy corresponding to the target application;
if the matching result is yes, generating alarm content according to the matching result;
combining the alarm contents to form an alarm notification;
and sending an alarm notification to a notification receiving end.
According to an embodiment of the present disclosure, the alarm policy includes one or more of: whether a keyword strategy is contained, whether a blacklist strategy is met, and whether a frequency alarm strategy is met.
FIG. 3 schematically illustrates a flowchart of a method for matching log data with an alarm policy to generate alarm content.
As shown in fig. 3, the method includes operations S310 to S380.
In operation S310, log data is acquired so as to match the log data with an alarm policy.
In operation S320, it is determined whether the log data of operation S310 includes an abnormal keyword, and in case that the log data includes the abnormal keyword, operation S330 is performed, and in case that the log data does not include the abnormal keyword, operation S340 is performed.
In operation S330, alarm content including the abnormal keyword is generated according to the abnormal keyword, and then operation S340 is performed.
In operation S340, it is determined whether the log data of operation S310 satisfies the black and white list, and in case that the log data satisfies the black and white list, operation S350 is performed, and in case that the log data does not satisfy the black and white list, operation S360 is performed.
In operation S350, the alert contents including the black and white list are generated, and then operation S360 is performed.
In operation S360, it is determined whether the log data of operation S310 satisfies the frequency alert policy, and in case that the log data satisfies the frequency alert policy, operation S370 is performed, and in case that the log data does not satisfy the frequency alert policy, operation S380 is performed.
In operation S370, alert contents including a frequency are generated.
In operation S380, no alarm is required.
According to an embodiment of the present disclosure, combining alert content to form an alert notification includes:
determining a combination strategy of the alarm content according to the configuration information of the target application;
and combining the alarm contents according to the combination strategy to form the alarm notice.
According to an embodiment of the present disclosure, the configuration information of the target application may include, for example, an application name, an application level, a node high availability configuration, and the like.
According to the embodiment of the disclosure, an alarm strategy general model is adopted, and the combination strategy of the alarm content corresponding to the target application is determined according to the configuration information of the target application.
The alarm policy generic model may include, for example, whether aggregation by application category is required, whether aggregation by high availability mode is required, whether aggregation by preset holiday policies and other specific aggregation policies are required, and so on. For example, for different monitoring objects, judgment conditions may be added in sequence from whether aggregation is needed according to application types, whether aggregation is needed according to a high availability mode, whether aggregation is performed according to a preset holiday policy, and whether aggregation is performed by other specific aggregation policies, and finally, aggregation modes in which the judgment result of each judgment condition is yes are combined to form a combination policy of alarm content.
For example, for a certain kind of monitoring object, it is determined according to the configuration information that aggregation is required according to the application kind and aggregation is required according to the high availability mode, and there is no preset holiday policy, the formed combination policy may be to aggregate the alarm content according to the application kind and the high availability mode.
For another example, for the middleware alarm, when a plurality of servers provided with the application A have faults, a plurality of alarm notifications generated by the plurality of servers are combined into one alarm notification, namely, the alarm notifications are aggregated according to the application types; when only the standby machine is abnormal, the alarm is reduced by one level, namely the polymerization is carried out according to the high availability; and (4) not alarming on the appointed holiday, namely aggregating according to a preset holiday strategy.
According to the embodiment of the disclosure, the alarm strategy corresponding to the target application is customized according to the configuration information of the target application.
FIG. 4 schematically illustrates a flow chart of a method for generating an alert notification by alert content combination.
As shown in fig. 4, the method includes operations S410 to S460.
In operation S410, alert contents and configuration information of a target application are acquired.
In operation S420, whether the alert contents in operation S410 need to be aggregated by application category is matched, and in case that it is determined that the alert contents need to be aggregated by application category, operation S450 is performed, and in case that it is determined that the alert contents do not need to be aggregated by application category, operation S430 is performed.
In operation S430, whether the alert contents in operation S410 need to be aggregated in a high availability mode is matched, and in case it is determined that the alert contents need to be aggregated in a high availability mode, operation S450 is performed, and in case it is determined that the alert contents do not need to be aggregated in a high availability mode, operation S440 is performed.
In operation S440, it is matched whether the alert contents in operation S410 need to be aggregated by the special event holiday aggregation policy, in case that it is determined that the alert contents need to be aggregated by the special event holiday aggregation policy, operation S450 is performed, and in case that it is determined that the alert contents do not need to be aggregated by the special event holiday aggregation policy, operation S460 is performed.
In operation S450, if any one of the matching results in operation S420, operation S430, and operation S440 is yes, the aggregation manner in which the matching result is yes is used as the combination policy. For example, if the matching result in operation S420 is yes, the matching result in operation S430 is yes, and the matching result in operation S440 is no, the alarm contents are combined by using the aggregation by application category and the aggregation by high availability mode as the combination policy. If the matching result in operation S420 is yes, the matching result in operation S430 is no, and the matching result in operation S440 is no, the alarm contents are combined by aggregating the application types as a combination policy.
In operation S460, the matching is ended.
Fig. 5 schematically shows a flow chart of a log monitoring method according to another embodiment of the present disclosure.
As shown in fig. 5, the log monitoring method according to the embodiment of the present disclosure includes operations S250 to S260 in addition to operations S210 to S240.
In operation S250, the log data of the target application is analyzed, and an analysis result corresponding to the target application is generated.
In operation S260, the analysis result is displayed using a display view corresponding to the target application.
According to the embodiment of the disclosure, the display view may include, for example, a comprehensive view for the target application, and the comprehensive view may include, for example, information about frequency, distribution, and the like of occurrence of an anomaly, and may be used for problem cause analysis, health level overview of the maintained system, and as a basis for adjustment of daily operation and maintenance parameters and alarm strategies.
According to the embodiment of the disclosure, the display view may further include a global view, for example, the global view may include information such as an operation parameter of the log monitoring management platform, so that an administrator of the log monitoring management platform can conveniently master the operation condition and the health degree of the log monitoring management platform.
Based on the log monitoring method, the disclosure also provides a log monitoring device. The apparatus will be described in detail below with reference to fig. 6.
Fig. 6 schematically shows a block diagram of a log monitoring apparatus according to an embodiment of the present disclosure.
As shown in fig. 6, the log monitoring apparatus 600 of this embodiment is applied to a log monitoring management platform, and the log monitoring apparatus 600 includes a first obtaining module 610, a second obtaining module 620, a deploying module 630, and a collecting module 640.
The first obtaining module 610 is configured to obtain a log monitoring request for a target application, where the log monitoring request includes a type of the target application. In an embodiment, the first obtaining module 610 may be configured to perform the operation S210 described above, which is not described herein again.
The second obtaining module 620 is configured to, in response to the log monitoring request, obtain a log collection template corresponding to the type of the target application if it is determined that the log collection template corresponding to the type of the target application exists. In an embodiment, the second obtaining module 620 may be configured to perform the operation S220 described above, which is not described herein again.
The deployment module 630 is configured to deploy a log collection program on a target server associated with the target application, wherein the log collection program contains the log collection template. In an embodiment, the deployment module 630 may be configured to perform the operation S230 described above, which is not described herein again.
The collecting module 640 is configured to collect the log data of the target application by using the log collecting program, so as to monitor the log data of the target application. In an embodiment, the collecting module 640 may be configured to perform the operation S240 described above, which is not described herein again.
According to an embodiment of the present disclosure, the log monitoring apparatus further includes a customization module.
And the customizing module is used for responding to the log monitoring request, and customizing the log collecting template corresponding to the type of the target application under the condition that the log collecting template corresponding to the type of the target application is determined not to exist.
According to the embodiment of the disclosure, the log monitoring device further comprises a monitoring module and an alarm module.
And the monitoring module is used for monitoring the log data of the target application.
And the alarm module is used for sending an alarm notification to the notification receiving end under the condition that the log data of the target application meets the alarm strategy corresponding to the target application.
According to an embodiment of the present disclosure, a monitoring module includes an acquisition unit and a matching unit.
And the acquisition unit is used for acquiring the alarm strategy corresponding to the target application from the monitoring strategy library of the log monitoring management platform.
And the first matching unit is used for matching the log data of the target application with the alarm strategy.
According to an embodiment of the present disclosure, an alarm module includes a second matching unit, a generating unit, a combining unit, and an alarm unit.
And the second matching unit is used for matching the acquired log data of the target application with the alarm strategy corresponding to the target application.
And the generating unit is used for generating the alarm content according to the matching result under the condition that the matching result is yes.
And the combining unit is used for combining the alarm contents to form the alarm notice.
And the alarm unit is used for sending an alarm notification to the notification receiving end.
According to an embodiment of the present disclosure, the combination unit includes a determination subunit and a combination subunit.
And the determining subunit is used for determining the combination strategy of the alarm content according to the configuration information of the target application.
And the combination subunit is used for combining the alarm contents according to the combination strategy to form the alarm notification.
According to the embodiment of the disclosure, the alarm strategy corresponding to the target application is customized according to the configuration information of the target application.
According to an embodiment of the present disclosure, the alarm policy includes one or more of: whether a keyword strategy is contained, whether a blacklist strategy is met, and whether a frequency alarm strategy is met.
According to the embodiment of the disclosure, the log monitoring device further comprises an analysis module and a display module.
And the analysis module is used for analyzing the log data of the target application and generating an analysis result corresponding to the target application.
And the display module is used for displaying the analysis result by adopting a display view corresponding to the target application.
According to the embodiment of the disclosure, various different log monitoring of an operating system, middleware, a database and the like is realized through a unified log monitoring management platform. A set of universal configuration information is formed by associating application configuration information, and the output of a monitoring result is realized through a unified alarm module.
According to the embodiment of the disclosure, the log monitoring device further comprises an interface module, which is used for realizing the butt joint with a command execution tool, a monitoring system and a platform portal system, and realizing the functions of collecting task automation, log monitoring exception notification, exception log output and the like.
The log monitoring and management platform disclosed by the invention realizes full coverage of a log monitoring range, and solves the problem that the log monitoring of an open platform system is difficult to manage after a data center is scaled. And the log monitoring management platform is non-invasive to the system software.
The log monitoring method has popularization and can be popularized to various platform system log monitoring works with similar requirements.
The newly added log monitoring strategy provided by the disclosure has the characteristics of rapid deployment and adjustment, only the related acquisition template and the monitoring strategy need to be developed, the complex program development deployment and adjustment work of acquisition deployment, strategy updating, alarm notification and the like is saved, and the rapid online and strategy rapid adjustment of log monitoring is realized.
According to the technical scheme, the log monitoring result is analyzed, the adjustment of the monitoring strategy and the improvement of operation and maintenance work can be guided in turn, the log monitoring accuracy is improved, and the operation and maintenance capacity is improved.
According to an embodiment of the present disclosure, any plurality of the first obtaining module 610, the second obtaining module 620, the deploying module 630, and the collecting module 640 may be combined and implemented in one module, or any one of the modules may be split into a plurality of modules. Alternatively, at least part of the functionality of one or more of these modules may be combined with at least part of the functionality of the other modules and implemented in one module. According to an embodiment of the present disclosure, at least one of the first obtaining module 610, the second obtaining module 620, the deploying module 630 and the acquiring module 640 may be implemented at least partially as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented by hardware or firmware in any other reasonable manner of integrating or packaging a circuit, or implemented by any one of three implementations of software, hardware and firmware, or implemented by a suitable combination of any several of them. Alternatively, at least one of the first acquisition module 610, the second acquisition module 620, the deployment module 630 and the acquisition module 640 may be at least partially implemented as a computer program module, which when executed, may perform a corresponding function.
Fig. 7 schematically shows a block diagram of an electronic device adapted to implement a log monitoring method according to an embodiment of the present disclosure.
As shown in fig. 7, an electronic device 700 according to an embodiment of the present disclosure includes a processor 701, which can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM)702 or a program loaded from a storage section 708 into a Random Access Memory (RAM) 703. The processor 701 may include, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or associated chipset, and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), among others. The processor 701 may also include on-board memory for caching purposes. The processor 701 may comprise a single processing unit or a plurality of processing units for performing the different actions of the method flows according to embodiments of the present disclosure.
In the RAM 703, various programs and data necessary for the operation of the electronic apparatus 700 are stored. The processor 701, the ROM 702, and the RAM 703 are connected to each other by a bus 704. The processor 701 performs various operations of the method flows according to the embodiments of the present disclosure by executing programs in the ROM 702 and/or the RAM 703. It is noted that the programs may also be stored in one or more memories other than the ROM 702 and RAM 703. The processor 701 may also perform various operations of method flows according to embodiments of the present disclosure by executing programs stored in the one or more memories.
Electronic device 700 may also include input/output (I/O) interface 705, which input/output (I/O) interface 705 is also connected to bus 704, according to an embodiment of the present disclosure. The electronic device 700 may also include one or more of the following components connected to the I/O interface 705: an input portion 706 including a keyboard, a mouse, and the like; an output section 707 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage section 708 including a hard disk and the like; and a communication section 709 including a network interface card such as a LAN card, a modem, or the like. The communication section 709 performs communication processing via a network such as the internet. A drive 710 is also connected to the I/O interface 705 as needed. A removable medium 711 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 710 as necessary, so that a computer program read out therefrom is mounted into the storage section 708 as necessary.
The present disclosure also provides a computer-readable storage medium, which may be contained in the apparatus/device/system described in the above embodiments; or may exist separately and not be assembled into the device/apparatus/system. The computer-readable storage medium carries one or more programs which, when executed, implement the method according to an embodiment of the disclosure.
According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. For example, according to embodiments of the present disclosure, a computer-readable storage medium may include the ROM 702 and/or the RAM 703 and/or one or more memories other than the ROM 702 and the RAM 703 described above.
Embodiments of the present disclosure also include a computer program product comprising a computer program containing program code for performing the method illustrated in the flow chart. When the computer program product runs in a computer system, the program code is used for causing the computer system to realize the item recommendation method provided by the embodiment of the disclosure.
The computer program performs the above-described functions defined in the system/apparatus of the embodiments of the present disclosure when executed by the processor 701. The systems, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.
In one embodiment, the computer program may be hosted on a tangible storage medium such as an optical storage device, a magnetic storage device, or the like. In another embodiment, the computer program may also be transmitted in the form of a signal on a network medium, distributed, downloaded and installed via the communication section 709, and/or installed from the removable medium 711. The computer program containing program code may be transmitted using any suitable network medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
In such an embodiment, the computer program can be downloaded and installed from a network through the communication section 709, and/or installed from the removable medium 711. The computer program, when executed by the processor 701, performs the above-described functions defined in the system of the embodiment of the present disclosure. The systems, devices, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.
In accordance with embodiments of the present disclosure, program code for executing computer programs provided by embodiments of the present disclosure may be written in any combination of one or more programming languages, and in particular, these computer programs may be implemented using high level procedural and/or object oriented programming languages, and/or assembly/machine languages. The programming language includes, but is not limited to, programming languages such as Java, C + +, python, the "C" language, or the like. The program code may execute entirely on the user computing device, partly on the user device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Those skilled in the art will appreciate that various combinations and/or combinations of features recited in the various embodiments and/or claims of the present disclosure can be made, even if such combinations or combinations are not expressly recited in the present disclosure. In particular, various combinations and/or combinations of the features recited in the various embodiments and/or claims of the present disclosure may be made without departing from the spirit or teaching of the present disclosure. All such combinations and/or associations are within the scope of the present disclosure.
The embodiments of the present disclosure have been described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described separately above, this does not mean that the measures in the embodiments cannot be used in advantageous combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be devised by those skilled in the art without departing from the scope of the present disclosure, and such alternatives and modifications are intended to be within the scope of the present disclosure.

Claims (13)

1. A log monitoring method is applied to a log monitoring management platform and comprises the following steps:
acquiring a log monitoring request aiming at a target application, wherein the log monitoring request comprises the type of the target application;
in response to the log monitoring request, under the condition that a log collection template corresponding to the type of the target application is determined to exist, acquiring the log collection template corresponding to the type of the target application;
deploying a log collection program on a target server associated with the target application, wherein the log collection program contains the log collection template;
and collecting the log data of the target application by using the log collection program so as to monitor the log data of the target application.
2. The method of claim 1, further comprising,
in response to the log monitoring request, in the event that it is determined that there is no log collection template corresponding to the type of the target application, customizing the log collection template corresponding to the type of the target application.
3. The method of claim 1, further comprising:
monitoring the log data of the target application;
and sending an alarm notification to a notification receiving end under the condition that the log data of the target application meets an alarm strategy corresponding to the target application.
4. The method of claim 3, wherein the monitoring log data of the target application comprises:
acquiring the alarm strategy corresponding to the target application from a monitoring strategy library of the log monitoring management platform;
and matching the log data of the target application with the alarm strategy.
5. The method of claim 3, wherein the sending an alert notification to a notification receiver in the event that log data of the target application satisfies an alert policy corresponding to the target application comprises:
matching the collected log data of the target application with the alarm strategy corresponding to the target application;
if the matching result is yes, generating alarm content according to the matching result;
combining the alert content to form the alert notification;
and sending the alarm notification to the notification receiving end.
6. The method of claim 5, wherein the combining the alert content to form the alert notification comprises:
determining a combination strategy of the alarm content according to the configuration information of the target application;
and combining the alarm contents according to the combination strategy to form an alarm notice.
7. The method of claim 3, wherein the alarm policy corresponding to the target application is customized according to the configuration information of the target application.
8. The method of claim 3, wherein the alert policy comprises one or more of: whether a keyword strategy is contained, whether a blacklist strategy is met, and whether a frequency alarm strategy is met.
9. The method of claim 1, further comprising,
analyzing the log data of the target application to generate an analysis result corresponding to the target application;
and displaying the analysis result by adopting a display view corresponding to the target application.
10. A log monitoring device is applied to a log monitoring management platform and comprises:
the system comprises a first acquisition module, a second acquisition module and a third acquisition module, wherein the first acquisition module is used for acquiring a log monitoring request for a target application, and the log monitoring request comprises the type of the target application;
the second obtaining module is used for responding to the log monitoring request, and obtaining a log collecting template corresponding to the type of the target application under the condition that the log collecting template corresponding to the type of the target application is determined to be available;
a deployment module, configured to deploy a log collection program on a target server associated with the target application, where the log collection program includes the log collection template;
and the acquisition module is used for acquiring the log data of the target application by using the log acquisition program so as to monitor the log data of the target application.
11. An electronic device, comprising:
one or more processors;
a storage device for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method of any of claims 1-9.
12. A computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to perform the method of any one of claims 1 to 9.
13. A computer program product comprising a computer program which, when executed by a processor, implements a method according to any one of claims 1 to 9.
CN202111268111.7A 2021-10-28 2021-10-28 Log monitoring method and device, electronic equipment and storage medium Pending CN113900905A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111268111.7A CN113900905A (en) 2021-10-28 2021-10-28 Log monitoring method and device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111268111.7A CN113900905A (en) 2021-10-28 2021-10-28 Log monitoring method and device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN113900905A true CN113900905A (en) 2022-01-07

Family

ID=79027622

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111268111.7A Pending CN113900905A (en) 2021-10-28 2021-10-28 Log monitoring method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN113900905A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115098450A (en) * 2022-05-16 2022-09-23 上海维信荟智金融科技有限公司 Method, device and medium for log monitoring

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115098450A (en) * 2022-05-16 2022-09-23 上海维信荟智金融科技有限公司 Method, device and medium for log monitoring

Similar Documents

Publication Publication Date Title
CN115587575A (en) Data table creation method, target data query method, device and equipment
CN113900834A (en) Data processing method, device, equipment and storage medium based on Internet of things technology
CN114461434A (en) Fault root cause analysis method, device, electronic equipment and medium
CN115422003A (en) Data quality monitoring method and device, electronic equipment and storage medium
CN114116429A (en) Abnormal log collection method, device, equipment, medium and product
CN113900905A (en) Log monitoring method and device, electronic equipment and storage medium
CN113495825A (en) Line alarm processing method and device, electronic equipment and readable storage medium
CN114500318B (en) Batch operation monitoring method, device, equipment and medium
CN116302561A (en) State control method, device, equipment and storage medium for application instance
CN115033574A (en) Information generation method, information generation device, electronic device, and storage medium
CN113487224A (en) Content processing method, apparatus, device, medium, and program product
CN113762910A (en) Document monitoring method and device
CN115499292B (en) Alarm method, device, equipment and storage medium
CN116401138B (en) Operating system running state detection method and device, electronic equipment and medium
CN110554942A (en) method and device for monitoring code execution
CN115525362B (en) Parameter changing method and device based on kernel parameter adjusting platform of operating system
CN115190008B (en) Fault processing method, fault processing device, electronic equipment and storage medium
CN115237391A (en) Method, device, electronic equipment and medium for generating script
CN116775307A (en) Service processing method, device, equipment and storage medium
CN114048056A (en) Root cause positioning method, apparatus, device, medium, and program product
CN115687284A (en) Information processing method, device, equipment and storage medium
CN115686895A (en) Database abnormality diagnosis method, apparatus, device, medium, and program product
CN117573478A (en) Performance monitoring method, device, apparatus, medium and program product
CN116302893A (en) Device performance evaluation method and device, electronic device and storage medium
CN117201352A (en) Service resource running state detection method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination