CN114143088B - Network fault diagnosis method, device, equipment and computer readable storage medium - Google Patents


Info

Publication number
CN114143088B
Authority
CN
China
Prior art keywords
network security
fault
network
policy
effective
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111449428.0A
Other languages
Chinese (zh)
Other versions
CN114143088A (en)
Inventor
李佳轩
姚辉辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tianrongxin Xiongan Network Security Technology Co ltd
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Original Assignee
Tianrongxin Xiongan Network Security Technology Co ltd
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tianrongxin Xiongan Network Security Technology Co ltd, Beijing Topsec Technology Co Ltd, Beijing Topsec Network Security Technology Co Ltd, Beijing Topsec Software Co Ltd
Priority to CN202111449428.0A
Publication of CN114143088A
Application granted
Publication of CN114143088B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/0631 Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/069 Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application discloses a network fault diagnosis method, device, equipment and computer readable storage medium. Session parameter information of a fault network is acquired, the effective network security policies whose policy content references the session parameter information are screened out from the network security policies currently adopted by the fault network, and the fault information of the fault network is determined according to the effective network security policies.

Description

Network fault diagnosis method, device, equipment and computer readable storage medium
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a network fault diagnosis method, apparatus, device, and computer readable storage medium.
Background
As people attach increasing importance to the security of information transmitted over public networks, the requirements for secure data transmission keep rising, and various security technologies have developed rapidly. In a communication system, to ensure the security of a service, a base station configures the security policy functions required by the networking, thereby achieving comprehensive security protection. However, in most actual environment topologies, policy false positives are unavoidable, and they prevent the user terminal from communicating normally. In that case, the user usually analyzes the processing flow and processing action of each data packet in sequence and finally outputs the analysis result. The user deduces the fault cause step by step by checking the data packet processing flow, thereby completing fault location. The whole process requires manual participation, and analyzing the processing flow of each data packet in sequence involves a large workload and low efficiency.
Disclosure of Invention
An object of the embodiments of the present application is to provide a network fault diagnosis method, apparatus, device, and computer readable storage medium, so as to solve the problem that the existing network fault location needs to check the data message processing flow manually and sequentially, resulting in low network fault location efficiency.
The embodiment of the application provides a network fault diagnosis method, which comprises the following steps:
acquiring session parameter information of a fault network;
screening out an effective network security policy with policy content referencing the session parameter information from the network security policies currently adopted by the fault network;
and determining fault information of the fault network according to the effective network security policy.
In the implementation process, the effective network security policy which is more likely to cause the current network fault is screened out according to the session parameter information of the fault network, the fault information of the fault network is determined according to the effective network security policy, and the key network security policy can be accurately positioned due to the fact that the network security policy range to be checked is narrowed by utilizing the session parameter information, so that the fault positioning efficiency is improved to a certain extent.
Further, the session parameter information includes at least one of source IP address information, destination IP address information, source port information, destination port information, and transport layer protocol information.
In the implementation process, policy screening is performed according to at least one of the source IP address information, the destination IP address information, the source port information, the destination port information and the transport layer protocol information. This ensures that the policy causing the network fault is among the screened effective network security policies, and so ensures the validity and reliability of the screening result.
Further, the determining the fault information of the fault network according to the effective network security policy includes:
screening a target network security policy with log records from the effective network security policies;
and determining fault information of the fault network according to the target network security policy.
In the implementation process, the target network security policy with log records is screened from the effective network security policies, so that the network security policy range to be checked is further narrowed, and the network fault positioning efficiency is improved to a greater extent.
Further, the screening the target network security policy with the log record from the effective network security policies includes:
determining a detection sequence of each effective network security policy according to at least one of the session parameter information cited in each effective network security policy and the data message matching priority in the security engine module corresponding to each effective network security policy;
and sequentially judging whether the corresponding effective network security policies have corresponding log records according to the detection sequence, if so, taking the effective network security policies as target network security policies, and if not, continuing to detect the next effective network security policies.
In the implementation process, the policy detection sequence is determined through at least one of session parameter information and the matching priority of the data messages in the security engine module, the rationality of the detection sequence is ensured, and the security policy causing network failure is determined more quickly.
Further, the determining the detection sequence of each effective network security policy according to at least one of the session parameter information referenced in each effective network security policy and the matching priority of the data packet in the security engine module corresponding to each effective network security policy includes:
taking the order from low to high of the number of types of session parameter information referenced in each effective network security policy as the detection sequence of each effective network security policy;
or,
taking the order from high to low of the data packet matching priority in the security engine module corresponding to each effective network security policy as the detection sequence of each effective network security policy;
or,
arranging the effective network security policies in order from high to low of the data packet matching priority in the security engine module corresponding to each effective network security policy, rearranging the effective network security policies that have the same data packet matching priority in order from low to high of the number of types of session parameter information they reference, and taking the final arrangement as the detection sequence of each effective network security policy;
or,
arranging the effective network security policies in order from low to high of the number of types of session parameter information referenced in each effective network security policy, rearranging the effective network security policies that reference the same number of types of session parameter information in order from high to low of the data packet matching priority in the corresponding security engine module, and taking the final arrangement as the detection sequence of each effective network security policy.
In the implementation process, the policy detection sequence is determined according to the type number of session parameter information quoted in the effective network security policy and/or the data message matching priority in the corresponding security engine module, so that the rationality and reliability of the detection sequence are ensured, and the network fault positioning efficiency is further improved.
Further, the determining the fault information of the fault network according to the target network security policy includes:
and sequentially closing the target network security policies in the fault network, judging whether the network fault problem of the fault network is solved after closing a certain target network security policy, if so, taking the target network security policy as a problem policy for causing network fault, and if not, continuously detecting the next target network security policy.
In the implementation process, whether the network fault problem is solved is judged by closing the target network security policies in sequence, so that a specific policy for causing the network fault is determined.
Further, the method further comprises:
after determining the problem policy of the fault network, analyzing the problem policy to obtain a network fault report, wherein the network fault report comprises at least one of information of the problem policy, information of a security engine module corresponding to the problem policy, network fault starting time information, network fault ending time information and log information hit by the session parameter information.
In the implementation process, the network fault report is generated so as to be convenient for a user to check, and the usability is improved.
The embodiment of the application also provides a network fault diagnosis device, which comprises:
the parameter information acquisition unit is used for acquiring session parameter information of the fault network;
an effective network security policy screening unit for screening the effective network security policies with policy contents referencing the session parameter information from the network security policies currently adopted by the fault network;
and the fault information determining unit is used for determining the fault information of the fault network according to the effective network security policy.
The embodiment of the application also provides equipment, which comprises a processor and a memory, wherein the memory stores a computer program, and the processor executes the computer program to realize the network fault diagnosis method of any one of the above.
There is also provided in an embodiment of the present application a computer-readable storage medium storing a computer program that, when executed by at least one processor, implements any one of the above-described network fault diagnosis methods.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and should not be considered as limiting the scope, and other related drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flow chart of a network fault diagnosis method according to an embodiment of the present application;
Fig. 2 is a flow chart of a network fault diagnosis method according to a second embodiment of the present application;
Fig. 3 is a schematic structural diagram of a network fault diagnosis device according to a third embodiment of the present application;
Fig. 4 is a schematic structural diagram of an apparatus according to a fourth embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.
Embodiment one:
To solve the problem that existing network fault location requires the data packet processing flow to be checked manually and sequentially, which makes network fault location inefficient, the embodiment of the application provides a network fault diagnosis method. Referring to Fig. 1, Fig. 1 is a schematic flow chart of a network fault diagnosis method provided in an embodiment of the present application, including:
S101: Obtain session parameter information of the fault network.
The session parameter in this embodiment refers to a parameter related to a network session. Optionally, the session parameter information includes at least one of source IP address information, destination IP address information, source port information, destination port information, and transport layer protocol information; in other embodiments it may include other information, such as interface index information, service type information, and so on.
S102: Screen out, from the network security policies currently adopted by the fault network, the effective network security policies whose policy content references the session parameter information.
S103: Determine fault information of the fault network according to the effective network security policies.
In this embodiment, steps S101 to S103 may be performed by the terminal or may be performed by the server, or some steps may be performed by the terminal and some steps may be performed by the server.
In one example of step S103, to accurately locate the key node, the target network security policies that have log records may first be screened from the effective network security policies, and the fault information of the fault network may then be determined according to the target network security policies.
The fault information of the fault network may be determined according to the target network security policies as follows: the target network security policies in the fault network are closed one at a time, and after each target network security policy is closed it is judged whether the network fault is solved. If so, that target network security policy is taken as the problem policy causing the network fault; if not, the closed target network security policy is opened again and detection continues with the next target network security policy.
In this example, the target network security policies that have log records may be screened from the effective network security policies in the following manner:
The detection order of the effective network security policies is determined according to at least one of the session parameter information referenced in each effective network security policy and the data packet matching priority in the security engine module corresponding to each effective network security policy. Whether each effective network security policy has a corresponding log record is then judged in turn according to the detection order; in this example, a query statement is used to search a database for the corresponding log record. If a log record exists, the effective network security policy is taken as a target network security policy; if not, detection continues with the next effective network security policy.
Specifically, the detection sequence of each effective network security policy may be determined according to at least one of the number of types of session parameter information referenced in the effective network security policy, the total number of session parameter information, and the matching priority of data packets in the security engine module corresponding to each effective network security policy. It should be noted that, each security engine module may be preset with a data packet matching priority, so the detection order of the effective network security policy may be determined directly by using the data packet matching priority.
It should be noted that the manner in which the detection order of each valid network security policy is determined in this example includes, but is not limited to, any of the following manners:
Mode one: the order from low to high of the number of types of session parameter information referenced in each effective network security policy, or of the total number of session parameter information items referenced in each effective network security policy, is used as the detection order of the effective network security policies.
Mode two: the order from high to low of the data packet matching priority in the security engine module corresponding to each effective network security policy is used as the detection order of the effective network security policies.
Mode three: the effective network security policies are arranged in order from high to low of the data packet matching priority in the security engine module corresponding to each effective network security policy; the effective network security policies that have the same data packet matching priority are then rearranged in order from low to high of the number of types of session parameter information they reference, or from low to high of the total number of session parameter information items they reference; the final arrangement is used as the detection order of the effective network security policies.
Mode four: the effective network security policies are arranged in order from low to high of the number of types of session parameter information they reference, or from low to high of the total number of session parameter information items they reference; the effective network security policies that have the same number of types, or the same total number, of referenced session parameter information are then rearranged in order from high to low of the data packet matching priority in the corresponding security engine module; the final arrangement is used as the detection order of the effective network security policies.
It may be appreciated that, in this example, the target network security policies in the faulty network may be sequentially closed according to the above detection sequence, that is, each time a target network security policy is determined, the fault information of the faulty network may be determined according to the target network security policy.
It should be noted that in other embodiments, the detection may be performed randomly, that is, whether the corresponding log records exist in the corresponding effective network security policies may be determined according to a random order.
In another example of step S103, fault location may also be performed directly on the screened effective network security policies. The specific location process is: the effective network security policies in the fault network are closed one at a time, and after each effective network security policy is closed it is judged whether the network fault is solved. If so, that effective network security policy is taken as the problem policy causing the network fault; if not, the closed effective network security policy is opened again and detection continues with the next effective network security policy. In this example, the effective network security policies may be closed in random order, or a closing order may first be determined and the effective network security policies then closed in that order.
The closing order of the effective network security policies may be determined in the same way as the detection order described above, namely according to at least one of the number of types of session parameter information referenced in the effective network security policy, the total number of session parameter information items, and the data packet matching priority in the security engine module corresponding to each effective network security policy. The specific manner of determining the closing order is not repeated here.
In order to facilitate user's checking and improve usability, in this embodiment, after determining a problem policy of a failed network, the problem policy may be analyzed to generate a network failure report, where the network failure report in this embodiment includes at least one of information of the problem policy, information of a security engine module corresponding to the problem policy, information of a network failure start time, information of a network failure end time, and log information hit by session parameter information.
According to the network fault diagnosis method provided by the embodiment, the effective network security policies which are more likely to cause the current network fault are screened out according to the session parameter information of the fault network, the fault information of the fault network is determined according to the effective network security policies, and the key network security policies can be rapidly positioned due to the fact that the network security policy range to be checked is narrowed by utilizing the session parameter information, so that the fault positioning efficiency is improved to a certain extent, and in addition, the detection sequence is determined according to the session parameter information and the data message matching priority, so that the problem policies can be accurately and rapidly diagnosed.
Embodiment two:
To better understand the scheme provided by the invention, this embodiment provides a more specific scheme. In a networking environment with a firewall as its core, the firewall is configured for a complex network environment. When a network fault occurs in which a certain terminal cannot access a server, the existing approach is generally for an inspector to capture data packets to judge whether the traffic is being blocked by the firewall. If the fault is judged to be caused by the firewall, the inspector can only confirm the problem step by step from logs and debug information and cannot quickly locate which policy is doing the blocking. The scheme provided by this embodiment intelligently completes the fault investigation by combining five-tuple information with priority traversal of the security engine modules in the firewall and log queries. The specific flow is shown in Fig. 2 and includes:
S201: Obtain session parameter information of the fault network.
The session parameter information in this embodiment is five-tuple information: source IP address information (the IP address of the access terminal that has the network fault), destination IP address information (the address of the server to which access is blocked), source port information, destination port information, and transport layer protocol information.
S202: Screen out, from the network security policies currently adopted by the fault network, the effective network security policies whose policy content references the session parameter information.
In step S202, network security policies may be searched through, and for each network security policy, policies hit with all session parameter information may be screened out as effective network security policies and stored in a temporary file.
S203: Arrange the effective network security policies in order from low to high of the number of types of session parameter information they reference.
S204: For effective network security policies that reference the same number of types of session parameter information, rearrange them in order from high to low of the data packet matching priority of the corresponding security engine module, and take the final arrangement as the detection order of the effective network security policies.
S205: In the detection order, judge whether the current effective network security policy has a corresponding log record; if so, go to S206, and if not, go to S210.
S206: Take the effective network security policy as a target network security policy and close the target network security policy.
S207: Judge whether the network fault of the fault network is solved; if so, go to S208, and if not, go to S211.
S208: Take the target network security policy as the problem policy causing the network fault.
S209: Generate a network fault report according to the problem policy.
S210: Detect the next effective network security policy.
S211: Restore the closed target network security policy and detect the next target network security policy.
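The S201 to S211 flow above, as an added Python sketch that is not code from the patent or from any firewall product. The Policy fields, the engine names and priorities, the matching rule in references_session, the toy session_allowed firewall and all sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass

FIELDS = ("src_ip", "dst_ip", "src_port", "dst_port", "proto")

@dataclass
class Policy:
    name: str
    engine: str           # security engine module that owns the policy
    engine_priority: int  # assumption: larger value = engine matches packets earlier
    action: str           # "allow" or "deny" (used only by the toy firewall below)
    match: dict           # five-tuple fields the policy references, e.g. {"proto": "tcp"}
    enabled: bool = True

def references_session(policy, session):
    # Assumption: a policy "references" the session when it names at least one
    # five-tuple field and every field it names equals the session's value.
    return bool(policy.match) and all(session[k] == v for k, v in policy.match.items())

def effective_policies(policies, session):
    """S202: narrow the policy set to those referencing the session parameters."""
    return [p for p in policies if p.enabled and references_session(p, session)]

def detection_order(policies):
    """S203-S204: fewest referenced parameter types first, ties broken by
    engine packet-matching priority from high to low."""
    return sorted(policies, key=lambda p: (len(p.match), -p.engine_priority))

def log_hits(policy, session, logs):
    """S205: stand-in for the database query; log rows for this policy and session."""
    return [r for r in logs
            if r["policy"] == policy.name and all(r[k] == session[k] for k in FIELDS)]

def session_allowed(policies, session):
    """Toy firewall: the session passes unless an enabled deny policy matches it."""
    return not any(p.enabled and p.action == "deny" and references_session(p, session)
                   for p in policies)

def diagnose(policies, session, logs, network_ok):
    """S205-S211: disable one logged candidate at a time and re-test the session."""
    tried = []
    for p in detection_order(effective_policies(policies, session)):
        hits = log_hits(p, session, logs)
        if not hits:
            continue                  # S210: no log record, move to next candidate
        p.enabled = False             # S206: close the target policy
        tried.append(p.name)
        try:
            fixed = network_ok()      # S207: is the fault gone?
        finally:
            # S211 restores the policy when the fault persists. This sketch also
            # restores it on a hit, so diagnosis never leaves enforcement weakened.
            p.enabled = True
        if fixed:                     # S208-S209: problem policy and report
            return {"problem_policy": p.name, "engine": p.engine,
                    "log_hits": hits, "tried": tried}
    return {"problem_policy": None, "tried": tried}

# Constructed sample data: one failing session, four policies, two log rows.
SESSION = {"src_ip": "10.0.0.5", "dst_ip": "192.168.1.10",
           "src_port": 51514, "dst_port": 443, "proto": "tcp"}
LOGS = [dict(SESSION, policy="av-scan-tcp", time="2021-11-30T10:00:01"),
        dict(SESSION, policy="acl-deny-443", time="2021-11-30T10:00:01")]

def sample_policies():
    return [
        Policy("ips-src-watch", "ips", 20, "allow", {"src_ip": "10.0.0.5"}),
        Policy("av-scan-tcp", "av", 10, "allow", {"proto": "tcp"}),
        Policy("acl-deny-443", "acl", 30, "deny",
               {"dst_ip": "192.168.1.10", "dst_port": 443}),
        Policy("acl-deny-other", "acl", 30, "deny", {"dst_ip": "192.168.1.99"}),
    ]

def run_sample():
    policies = sample_policies()
    report = diagnose(policies, SESSION, LOGS,
                      lambda: session_allowed(policies, SESSION))
    return policies, report

if __name__ == "__main__":
    print(run_sample()[1])
```

On a production firewall each close step is a window in which that control is not enforced, so the re-test should be limited to the failing session and the policy restored as soon as the result is known.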
Embodiment three:
Referring to Fig. 3, the present embodiment provides a network fault diagnosis apparatus, including:
a parameter information obtaining unit 301, configured to obtain session parameter information of the fault network;
an effective network security policy screening unit 302, configured to screen out, from the network security policies currently adopted by the fault network, the effective network security policies whose policy content references the session parameter information;
a fault information determining unit 303, configured to determine fault information of the fault network according to the effective network security policies.
The session parameter in this embodiment refers to a parameter related to a network session, and optionally, the session parameter information includes at least one of source IP address information, destination IP address information, source port information, destination port information, and transport layer protocol information, and may include other information, such as interface index information, service type information, and so on, in other embodiments.
In one example, to precisely locate the key node, the fault information determining unit 303 may first screen the target network security policies that have log records from the effective network security policies, and then determine the fault information of the fault network according to the target network security policies.
The fault information determining unit 303 may determine the fault information of the fault network according to the target network security policies as follows: the target network security policies in the fault network are closed one at a time, and after each target network security policy is closed it is judged whether the network fault is solved. If so, that target network security policy is taken as the problem policy causing the network fault; if not, the closed target network security policy is opened again and detection continues with the next target network security policy.
In this example, the fault information determining unit 303 may screen the target network security policies that have log records from the effective network security policies in the following manner:
The detection order of the effective network security policies is determined according to at least one of the session parameter information referenced in each effective network security policy and the data packet matching priority in the security engine module corresponding to each effective network security policy. Whether each effective network security policy has a corresponding log record is then judged in turn according to the detection order; in this example, a query statement is used to search a database for the corresponding log record. If a log record exists, the effective network security policy is taken as a target network security policy; if not, detection continues with the next effective network security policy.
Specifically, the detection sequence of each effective network security policy may be determined according to at least one of the number of types of session parameter information referenced in the effective network security policy, the total number of session parameter information, and the matching priority of data packets in the security engine module corresponding to each effective network security policy. It should be noted that, each security engine module may be preset with a data packet matching priority, so the detection order of the effective network security policy may be determined directly by using the data packet matching priority.
It should be noted that the manner in which the failure information determining unit 303 determines the detection order of each effective network security policy in this example includes, but is not limited to, any one of the following manners:
Mode one: taking the order from low to high of the number of types of session parameter information referenced in each effective network security policy, or of the total amount of session parameter information referenced in each effective network security policy, as the detection order of the effective network security policies.
Mode two: taking the order from high to low of the data packet matching priority in the security engine module corresponding to each effective network security policy as the detection order of the effective network security policies.
Mode three: arranging the effective network security policies in order from high to low of the data packet matching priority in their corresponding security engine modules; for effective network security policies with the same data packet matching priority, rearranging them in order from low to high of the number of types of referenced session parameter information, or from low to high of the total amount of referenced session parameter information; and taking the final arrangement as the detection order of the effective network security policies.
Mode four: arranging the effective network security policies in order from low to high of the number of types of referenced session parameter information, or from low to high of the total amount of referenced session parameter information; for effective network security policies with the same number of types or the same total amount of referenced session parameter information, rearranging them in order from high to low of the data packet matching priority in their corresponding security engine modules; and taking the final arrangement as the detection order of the effective network security policies.
It may be appreciated that the fault information determining unit 303 of this example may sequentially close the target network security policies in the fault network according to the above detection order, that is, each time a target network security policy is determined, the fault information of the fault network may be determined according to the target network security policy.
It should be noted that, in other embodiments, the fault information determining unit 303 may also perform detection randomly, that is, determine whether the corresponding effective network security policy has a corresponding log record according to a random order.
In another example, the fault information determining unit 303 may also perform fault location directly on the screened effective network security policies, specifically: sequentially closing the effective network security policies in the fault network, and judging, after a given effective network security policy is closed, whether the network fault problem of the fault network is solved; if so, taking that effective network security policy as the problem policy causing the network fault; if not, reopening the closed effective network security policy and continuing to detect the next effective network security policy. In this example, the effective network security policies may be closed in random order, or a closing order may first be determined and the effective network security policies then closed in that order.
The closing order of the effective network security policies may be determined in the same way as the detection order described above, namely: according to at least one of the number of types of session parameter information referenced in each effective network security policy, the total amount of session parameter information, and the data packet matching priority in the security engine module corresponding to each effective network security policy. The specific manner of determining the closing order is not repeated here.
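The screening and closing procedure described above, as an added example that is not code from the patent: it expresses the four detection-order modes as sort keys, checks for log records with a query against an in-memory SQLite table, and closes target policies one at a time while keeping an audit trail of every toggle. The policy names, the `policy_log` schema, the `fault_resolved` callback and the choice to leave the problem policy closed are assumptions made for illustration.

```python
import sqlite3
from dataclasses import dataclass

@dataclass
class Policy:
    name: str
    engine_priority: int   # packet-matching priority of the policy's security engine module
    referenced: frozenset  # types of session parameter information the policy references
    enabled: bool = True

# The four detection-order modes from the text, written as sort keys.
ORDER_KEYS = {
    1: lambda p: len(p.referenced),                        # fewest parameter types first
    2: lambda p: -p.engine_priority,                       # highest engine priority first
    3: lambda p: (-p.engine_priority, len(p.referenced)),  # priority, ties by parameter types
    4: lambda p: (len(p.referenced), -p.engine_priority),  # parameter types, ties by priority
}

def detection_order(policies, mode):
    return sorted(policies, key=ORDER_KEYS[mode])

def has_log_record(db, policy):
    """Query the log database for any record attributed to this policy."""
    row = db.execute("SELECT 1 FROM policy_log WHERE policy = ? LIMIT 1",
                     (policy.name,)).fetchone()
    return row is not None

def locate_problem_policy(policies, db, fault_resolved, mode=3):
    """Return (problem_policy_or_None, audit); audit lists every toggle made."""
    audit = []
    for policy in detection_order(policies, mode):
        if not has_log_record(db, policy):
            continue                      # not a target policy, so never closed
        policy.enabled = False
        audit.append((policy.name, "closed"))
        if fault_resolved():
            return policy, audit          # assumption: left closed for operator review
        policy.enabled = True             # fault persists: reopen before moving on
        audit.append((policy.name, "reopened"))
    return None, audit

def build_sample():
    """Constructed sample: four effective policies and an in-memory log table."""
    policies = [
        Policy("ips-rule-7", 3, frozenset({"dst_ip", "dst_port", "protocol"})),
        Policy("acl-12", 3, frozenset({"dst_ip"})),
        Policy("av-scan-2", 2, frozenset({"src_ip", "dst_port"})),
        Policy("url-filter-4", 1, frozenset({"dst_ip"})),
    ]
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE policy_log (policy TEXT, message TEXT)")
    db.executemany("INSERT INTO policy_log VALUES (?, ?)", [
        ("ips-rule-7", "alert 10.0.0.5 -> 10.0.0.9:443 tcp"),
        ("av-scan-2", "blocked 10.0.0.5 -> 10.0.0.9:443 tcp"),
        ("url-filter-4", "allowed 10.0.0.5 -> 10.0.0.9:443 tcp"),
    ])
    culprit = policies[2]
    # Stand-in for re-testing the faulty session after each toggle.
    fault_resolved = lambda: not culprit.enabled
    return policies, db, fault_resolved

if __name__ == "__main__":
    policies, db, fault_resolved = build_sample()
    problem, audit = locate_problem_policy(policies, db, fault_resolved, mode=3)
    print("problem policy:", problem.name)
    for name, action in audit:
        print(f"  {action}: {name}")
```

Each `closed` entry in the audit trail marks a period during which that security policy was not enforced, which is why screening by log record first keeps the number of toggles small.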
To make the result easier for the user to review and to improve usability, in this embodiment, after the problem policy of the fault network is determined, the problem policy may be analyzed to generate a network fault report. The network fault report in this embodiment includes at least one of: information of the problem policy, information of the security engine module corresponding to the problem policy, network fault start time information, network fault end time information, and log information hit by the session parameter information.
Embodiment four:
Based on the same inventive concept, this embodiment provides an apparatus. Referring to fig. 4, the apparatus includes a processor 401 and a memory 402. A computer program is stored in the memory 402, the processor 401 and the memory 402 communicate through a communication bus, and the processor 401 executes the computer program to implement each step of the network fault diagnosis method in the first embodiment and/or the second embodiment, which is not described again here. It will be appreciated that the configuration shown in fig. 4 is merely illustrative, and that the apparatus may also include more or fewer components than shown in fig. 4, or have a different configuration than shown in fig. 4.
The processor 401 may be an integrated circuit chip having signal processing capabilities. The processor 401 may be a general-purpose processor, including a central processing unit (Central Processing Unit, CPU), a network processor (Network Processor, NP), and the like; it may also be a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. It may implement or perform the various methods, steps, and logical blocks disclosed in the embodiments of the present application. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
Memory 402 may include, but is not limited to, random access memory (Random Access Memory, RAM), read-only memory (Read Only Memory, ROM), programmable read-only memory (Programmable Read-Only Memory, PROM), erasable programmable read-only memory (Erasable Programmable Read-Only Memory, EPROM), electrically erasable programmable read-only memory (Electrically Erasable Programmable Read-Only Memory, EEPROM), and the like.
The present embodiment also provides a computer-readable storage medium, such as a floppy disk, an optical disk, a hard disk, a flash memory, a USB disk, an SD (Secure Digital Memory Card) card, an MMC (Multimedia Card) card, or the like, in which one or more programs for implementing the foregoing steps are stored. The one or more programs may be executed by one or more processors 401 to implement the steps of the network fault diagnosis method in the first embodiment and/or the second embodiment, which are not described again here.
The foregoing is merely exemplary embodiments of the present application and is not intended to limit the scope of the present application, and various modifications and variations may be suggested to one skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principles of the present application should be included in the protection scope of the present application.

Claims (8)

1. A network fault diagnosis method, comprising:
acquiring session parameter information of a fault network;
screening out an effective network security policy with policy content referencing the session parameter information from the network security policies currently adopted by the fault network;
screening a target network security policy with log records from the effective network security policies;
determining fault information of the fault network according to the target network security policy;
the determining the fault information of the fault network according to the target network security policy includes:
and sequentially closing the target network security policies in the fault network, judging whether the network fault problem of the fault network is solved after closing a certain target network security policy, if so, taking the target network security policy as a problem policy for causing network fault, and if not, continuously detecting the next target network security policy.
2. The network failure diagnosis method according to claim 1, wherein the session parameter information includes at least one of source IP address information, destination IP address information, source port information, destination port information, and transport layer protocol information.
3. The network fault diagnosis method of claim 1, wherein the screening a target network security policy with log records from the effective network security policies comprises:
determining a detection sequence of each effective network security policy according to at least one of the session parameter information cited in each effective network security policy and the data message matching priority in the security engine module corresponding to each effective network security policy;
and sequentially judging whether the corresponding effective network security policies have corresponding log records according to the detection sequence, if so, taking the effective network security policies as target network security policies, and if not, continuing to detect the next effective network security policies.
4. The network fault diagnosis method according to claim 3, wherein said determining the detection order of each of the effective network security policies according to at least one of the session parameter information referenced in each of the effective network security policies and the data packet matching priority in the security engine module corresponding to each of the effective network security policies comprises:
taking the sequence from low to high of the variety number of the session parameter information referenced in each effective network security policy as the detection sequence of each effective network security policy;
or,
the sequence of the data message matching priority from high to low in the security engine module corresponding to each effective network security policy is used as the detection sequence of each effective network security policy;
or,
arranging each effective network security policy according to the sequence from high to low of the data message matching priority in the security engine module corresponding to each effective network security policy, rearranging the effective network security policies with the same data message matching priority according to the sequence from low to high of the types of the referenced session parameter information, and taking the final arrangement sequence as the detection sequence of each effective network security policy;
or,
arranging each effective network security policy according to the sequence from low to high of the types of the session parameter information cited in each effective network security policy, rearranging the effective network security policies with the same types of the cited session parameter information according to the sequence from high to low of the matching priority of the data messages in the corresponding security engine module, and taking the final arrangement sequence as the detection sequence of each effective network security policy.
5. The network fault diagnosis method according to claim 1, wherein the method further comprises:
after determining the problem policy of the fault network, analyzing the problem policy to obtain a network fault report, wherein the network fault report comprises at least one of information of the problem policy, information of a security engine module corresponding to the problem policy, network fault starting time information, network fault ending time information and log information hit by the session parameter information.
6. A network failure diagnosis apparatus, comprising:
the parameter information acquisition unit is used for acquiring session parameter information of the fault network;
an effective network security policy screening unit for screening the effective network security policies with policy contents referencing the session parameter information from the network security policies currently adopted by the fault network;
and the fault information determining unit is used for screening out target network security policies with log records from the effective network security policies, sequentially closing the target network security policies in the fault network, judging whether the network fault problem of the fault network is solved after closing a certain target network security policy, if so, taking the target network security policy as a problem policy for causing network fault, and if not, continuously detecting the next target network security policy.
7. An apparatus comprising a processor and a memory, the memory having a computer program stored therein, the processor executing the computer program to implement the method of any of claims 1-5.
8. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program which, when executed by at least one processor, implements the method according to any of claims 1-5.
CN202111449428.0A 2021-11-30 2021-11-30 Network fault diagnosis method, device, equipment and computer readable storage medium Active CN114143088B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111449428.0A CN114143088B (en) 2021-11-30 2021-11-30 Network fault diagnosis method, device, equipment and computer readable storage medium

Publications (2)

Publication Number Publication Date
CN114143088A CN114143088A (en) 2022-03-04
CN114143088B true CN114143088B (en) 2024-02-09

Family

ID=80386403

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111449428.0A Active CN114143088B (en) 2021-11-30 2021-11-30 Network fault diagnosis method, device, equipment and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN114143088B (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103067395A (en) * 2012-12-31 2013-04-24 苏州山石网络有限公司 Method and device for diagnosing network firewall
CN104268477A (en) * 2014-09-26 2015-01-07 华为技术有限公司 Safety control method and network device
CN106059931A (en) * 2016-08-04 2016-10-26 杭州迪普科技有限公司 Message forwarding method and device
CN106330506A (en) * 2015-06-29 2017-01-11 华为技术有限公司 Service fault location method and device
CN109802960A (en) * 2019-01-08 2019-05-24 深圳中兴网信科技有限公司 Firewall policy processing method and processing device, computer equipment and storage medium
CN112118261A (en) * 2020-09-21 2020-12-22 杭州迪普科技股份有限公司 Session violation access detection method and device
WO2021008028A1 (en) * 2019-07-18 2021-01-21 平安科技(深圳)有限公司 Network attack source tracing and protection method, electronic device and computer storage medium
CN112600703A (en) * 2020-12-11 2021-04-02 中国工商银行股份有限公司 Network equipment remote access fault positioning method and device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10616279B2 (en) * 2016-08-30 2020-04-07 Nicira, Inc. Adaptable network event monitoring configuration in datacenters

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20231226

Address after: 071800 Conference Center 1-184, South Section of Baojin Expressway, Xiong'an Area, Xiong'an New District, Baoding City, Hebei Province

Applicant after: Tianrongxin Xiongan Network Security Technology Co.,Ltd.

Applicant after: Beijing Topsec Network Security Technology Co.,Ltd.

Applicant after: Topsec Technologies Inc.

Applicant after: BEIJING TOPSEC SOFTWARE Co.,Ltd.

Address before: 100000 4th floor, building 3, yard 1, Shangdi East Road, Haidian District, Beijing

Applicant before: Beijing Topsec Network Security Technology Co.,Ltd.

Applicant before: Topsec Technologies Inc.

Applicant before: BEIJING TOPSEC SOFTWARE Co.,Ltd.

GR01 Patent grant