CN114143162A - Rule matching method of network equipment syslog information based on cache - Google Patents


Info

Publication number
CN114143162A
Authority
CN
China
Prior art keywords
syslog
rule
information
matching
cache
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010815142.9A
Other languages
Chinese (zh)
Inventor
王建
杨雪辰
赵爽
刘光伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Unihub China Information Technology Co Ltd
Original Assignee
Unihub China Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Unihub China Information Technology Co Ltd
Priority to CN202010815142.9A
Publication of CN114143162A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/14 Details of searching files based on file metadata
    • G06F16/148 File search processing
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/17 Details of further file system functions
    • G06F16/1734 Details of monitoring file system events, e.g. by the use of hooks, filter drivers, logs
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/903 Querying
    • G06F16/90335 Query processing
    • G06F16/90344 Query processing by using string matching techniques
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/12 Network monitoring probes

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Library & Information Science (AREA)
  • Computational Linguistics (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention discloses a cache-based rule matching method for network device syslog information. The method comprises the following steps: acquiring the syslog pattern of a piece of syslog information, denoted P; querying, in the network management system cache, the syslog rule set corresponding to the syslog pattern P, denoted {Rule}_P; and traversing {Rule}_P until a rule matches. The method exploits the similarity between pieces of syslog information: it extracts the syslog pattern by simple processing of the syslog information and establishes a correspondence between the syslog pattern and a syslog rule set, which precisely limits the range of the syslog rule matching test and improves processing efficiency.

Description

Rule matching method of network equipment syslog information based on cache
Technical Field
The invention relates to the field of rule matching of network equipment syslog information, in particular to a rule matching method of the network equipment syslog information based on cache.
Background
The network device refers to a physical entity forming a telecommunication operator network, and mainly comprises a switch, a broadband remote access server, a router and the like. Modern telecom operator networks consist of thousands of network devices.
Smooth and efficient operation of modern telecom operator networks relies on the proper operation of each network device. Therefore, when the network equipment fails, the network management software can generate an alarm in the shortest time, so that network operation and maintenance personnel can find and process the network equipment failure as early as possible.
Currently, mainstream network devices automatically send device running logs item by item to a network management syslog acquisition probe in real time through a syslog protocol, as shown in fig. 1.
Each device log is text information like the following:
[Figure: sample device log text]
The network management syslog acquisition probe collects this text information, and the syslog information is classified into ordinary system logs and alarm information according to a syslog rule set defined by the operator's network operation and maintenance staff. Alarm information is further divided into different categories, different levels, and so on.
One of the core works of the network management syslog acquisition probe is to find a syslog rule suitable for the content of the syslog information from a syslog rule set for each piece of syslog information received, and execute corresponding operations defined in the rule. The common method is to traverse the syslog rule set, perform matching test on the syslog information and each syslog rule until a rule is successfully matched, and then execute corresponding operations defined in the rule.
The syslog rule set usually contains hundreds of rules, so the rule matching test is a time-consuming part of the network management syslog acquisition probe program and consumes a large amount of CPU computing resources. A dedicated optimization is required to process device running logs efficiently and avoid a backlog.
Disclosure of Invention
In order to solve the problem of time-consuming syslog rule matching test repeatedly executed, the invention provides a rule matching method of the syslog information of the network equipment based on cache, and the syslog rule set needing matching test is accurately limited by establishing the corresponding relation between the syslog mode and the syslog rule set, so that efficient syslog rule matching is realized.
In order to achieve the purpose, the invention adopts the following technical scheme:
In an embodiment of the present invention, a cache-based rule matching method for network device syslog information is provided. The method includes:
Step one: acquire the syslog pattern of the syslog information, denoted P;
Step two: in the network management system cache, query the syslog rule set corresponding to the syslog pattern P, denoted {Rule}_P;
Step three: traverse {Rule}_P until a rule matches; if no syslog rule in {Rule}_P matches, test the syslog information against the syslog rules in the complete syslog rule set {Rule}_ALL, and add the successfully matched syslog rule to the syslog rule set {Rule}_P corresponding to the syslog pattern P.
Further, the method for acquiring the syslog pattern in step one includes:
denoting the syslog information as S, making a copy denoted S_copy, and deleting the Arabic numerals in S_copy by regular expression replacement;
converting S_copy into a message digest, denoted S_digest, using SHA-1;
taking S_digest as the syslog pattern P corresponding to this piece of syslog information.
Further, the syslog information S is used for the subsequent syslog rule matching test, and S_copy is used to generate the syslog pattern P.
Further, the message digest has a fixed length of 20 bytes and takes the form of 40 hexadecimal digits, denoted S_digest.
Further, the network management system cache in step two is implemented with an in-memory database.
Further, the in-memory database stores the correspondence between the syslog pattern P and the syslog rule set {Rule}_P.
Further, the method for querying the syslog rule set corresponding to the syslog pattern P in step two includes:
querying the in-memory database, by syslog pattern P, for a corresponding syslog rule set {Rule}_P;
if a corresponding {Rule}_P exists, testing the syslog information S against the syslog rules in {Rule}_P;
if no corresponding {Rule}_P exists, or no syslog rule in {Rule}_P matches, performing the "match test against the complete syslog rule set".
Further, for the first piece of syslog information of a syslog pattern P, the "match test against the complete syslog rule set {Rule}_ALL" must be performed, the successfully matched syslog rule is written to the in-memory database, and the correspondence between the syslog pattern P and the syslog rule set {Rule}_P is maintained so that subsequent syslog information of pattern P can use it directly.
Further, when a piece of syslog information S is tested against the syslog rules in {Rule}_P, a matching syslog rule may not be found; in that case the "match test against the complete syslog rule set {Rule}_ALL" must be performed, and the successfully matched syslog rule is added to the syslog rule set {Rule}_P for use by subsequent syslog information.
Furthermore, a piece of syslog information corresponds to exactly one syslog pattern P, and the syslog rule set {Rule}_P corresponding to P contains only a small number of the syslog rules in the network management system's complete syslog rule set {Rule}_ALL.
Further, in the network management system cache, the syslog pattern P and its corresponding syslog rule set {Rule}_P are stored as a key-value pair, where the syslog pattern P is the key and the syslog rule set {Rule}_P is the value.
Beneficial effects:
Compared with the traditional method, the invention exploits the similarity between pieces of syslog information: it extracts the syslog pattern by simple processing of the syslog information and establishes a correspondence between the syslog pattern and a syslog rule set, which precisely limits the range of the syslog rule matching test and improves processing efficiency.
Drawings
FIG. 1 is a schematic diagram of a transmission of a log of a current mainstream network device;
FIG. 2 is a diagram illustrating data mapping according to an embodiment of the present invention;
fig. 3 is a schematic flow chart of a rule matching method for caching-based network device syslog information according to an embodiment of the present invention.
Detailed Description
The principles and spirit of the present invention will be described below with reference to several exemplary embodiments, which should be understood to be presented only to enable those skilled in the art to better understand and implement the present invention, and not to limit the scope of the present invention in any way. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
As will be appreciated by one skilled in the art, embodiments of the present invention may be embodied as a system, apparatus, device, method, or computer program product. Accordingly, the present disclosure may be embodied in the form of: entirely hardware, entirely software (including firmware, resident software, micro-code, etc.), or a combination of hardware and software.
According to the embodiment of the invention, a rule matching method based on cached network equipment syslog information is provided.
Generally, a network management syslog rule is tested only against keywords in the syslog information and essentially ignores its numeric content. For example, for the "BFD session DOWN" syslog rule of a Huawei device, the matching test only checks whether the syslog information contains the character string "BFD session changed to DOWN". For the following "BFD session DOWN" syslog information, the part that actually matters in the matching test against the network management syslog rules is "BFD session changed to DOWN".
[Figure: example "BFD session DOWN" syslog information]
We found a high degree of similarity between different pieces of syslog information. Taking the syslog data of one operator in one province as an example, the total number of syslog records in the period from May 1 to May 7 of this year is 12744366. After a simple text replacement (all numeric content in the syslog information is deleted and only the character content is kept), a large amount of repeated information appears: the number of non-repeated syslog records is 288254, only 2.26% of the original total.
These highly condensed, non-repeating pieces of syslog information can be regarded as syslog patterns. The most common case, device port DOWN syslog information, is shown below:
[Figure: device port DOWN syslog information and the resulting syslog pattern]
In the above example, the deleted numeric content relates only to the time, the device IP address, the device model, the device port number, and the like. Other syslog information is similar, and this information is usually not what the network management syslog rule set is interested in.
Typically, the network management syslog rule set is tested only against combinations of keywords in the syslog pattern. If the correspondence between network management syslog rules and syslog patterns is recorded, then essentially only the first piece of syslog information of a given syslog pattern has to be tested against the complete syslog rule set. For subsequent syslog information of that pattern, querying the network management system cache yields the syslog rule set that needs to be tested, and the complete rule set does not have to be traversed. This greatly reduces the number of syslog rule matching tests and improves the processing efficiency of syslog information.
The principles and spirit of the present invention are explained in detail below with reference to several representative embodiments of the invention.
Fig. 3 is a schematic flow chart of a rule matching method for caching-based network device syslog information according to an embodiment of the present invention. As shown in fig. 3, the method includes:
Step one: acquire the syslog pattern of the syslog information, denoted P;
Step two: in the network management system cache, query the syslog rule set corresponding to the syslog pattern P, denoted {Rule}_P;
Step three: traverse {Rule}_P until a rule matches; if no syslog rule in {Rule}_P matches, test the syslog information against the syslog rules in the complete syslog rule set {Rule}_ALL, and add the successfully matched syslog rule to the syslog rule set {Rule}_P corresponding to the syslog pattern P.
Fig. 2 is a schematic diagram of a data correspondence relationship according to an embodiment of the present invention. As shown in Fig. 2, a piece of syslog information corresponds to exactly one syslog pattern P, and the syslog rule set {Rule}_P corresponding to P contains only a few of the syslog rules in the network management system's complete syslog rule set {Rule}_ALL.
In the network management system cache, the syslog pattern P and its corresponding syslog rule set {Rule}_P are stored as a key-value pair, where the syslog pattern P is the key and the syslog rule set {Rule}_P is the value.
In this technical scheme, the method for acquiring the syslog pattern is as follows:
The syslog information (denoted S) is copied, the copy is denoted S_copy, and the Arabic numerals in S_copy are deleted by regular expression replacement. S is used for the subsequent syslog rule matching test; S_copy is used to generate the syslog pattern P.
The volume of syslog patterns P that must be cached is large, and S_copy is a long text of variable length, so using S_copy directly as the syslog pattern P would hurt query efficiency. Therefore SHA-1 (Secure Hash Algorithm 1) is used to convert S_copy into a message digest with a fixed length of 20 bytes, usually presented as 40 hexadecimal digits and denoted S_digest.
S_digest is taken as the syslog pattern P corresponding to this piece of syslog information.
In this technical scheme, the network management system cache is implemented with an in-memory database such as Redis (an open-source in-memory database). The in-memory database stores the correspondence between the syslog pattern P and the syslog rule set {Rule}_P.
In this technical scheme, the method for querying the syslog rule set corresponding to the syslog pattern P is as follows:
The in-memory database is queried, by syslog pattern P, for a corresponding syslog rule set {Rule}_P.
If a corresponding {Rule}_P exists, the syslog information S is tested against the syslog rules in {Rule}_P.
If no corresponding {Rule}_P exists, or no syslog rule in {Rule}_P matches, the "match test against the complete syslog rule set" is performed.
In this technical scheme, for the first piece of syslog information of a given syslog pattern P, the "match test against the complete syslog rule set {Rule}_ALL" must be performed, the successfully matched syslog rule is written to the in-memory database, and the correspondence between the syslog pattern P and the syslog rule set {Rule}_P is maintained so that subsequent syslog information of pattern P can use it directly.
In this technical scheme, when a piece of syslog information S is tested against the syslog rules in {Rule}_P, a matching syslog rule may not be found; in that case the "match test against the complete syslog rule set {Rule}_ALL" must be performed, and the successfully matched syslog rule is added to the syslog rule set {Rule}_P for use by subsequent syslog information.
It should be noted that although the operations of the method of the present invention have been described in the above embodiments and the accompanying drawings in a particular order, this does not require or imply that these operations must be performed in this particular order, or that all of the operations shown must be performed, to achieve the desired results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step execution, and/or one step broken down into multiple step executions.
For a clearer explanation of the rule matching method based on the cached network device syslog information, a specific embodiment is described below, but it should be noted that the embodiment is only for better explaining the present invention and is not to be construed as an undue limitation to the present invention.
The rule matching method based on the cached network device syslog information is described in more detail below by way of example, specifically as follows:
Calculating the syslog pattern:
First, the syslog information (denoted S) is copied, and the copy is denoted S_copy. The Arabic numerals in S_copy are deleted by regular expression replacement. S is used for the subsequent syslog rule matching tests; S_copy is used to generate the syslog pattern P. The schematic is as follows:
[Figure: example of S and the corresponding S_copy]
Second, the volume of syslog patterns P that must be cached is large, and S_copy is a long text of variable length, so using S_copy directly as the syslog pattern P would hurt query efficiency. Therefore SHA-1 (Secure Hash Algorithm 1) is used to convert S_copy into a message digest with a fixed length of 20 bytes, usually presented as 40 hexadecimal digits and denoted S_digest. The schematic is as follows:
[Figure: example of S_copy and the corresponding S_digest]
S_digest is taken as the syslog pattern P corresponding to this piece of syslog information.
Querying the syslog rule set for a syslog pattern:
In this technical scheme, the network management system cache is implemented with an in-memory database such as Redis (an open-source in-memory database). The in-memory database stores the correspondence between the syslog pattern P and the syslog rule set {Rule}_P. The schematic is as follows:
[Figure: cached correspondence between syslog pattern P and {Rule}_P]
First, the in-memory database is queried, by syslog pattern P, for a corresponding syslog rule set {Rule}_P.
If a corresponding {Rule}_P exists, the syslog information S is tested against the syslog rules in {Rule}_P. For example, the syslog information "May 500:03:02: ffff:10.10.10.100 AA-BB-CCC-1. MAN.S9312%% 01IFPDT/4/IF _ STATE (l) [654529 ]]The Interface Ethernet1/0/27 has turned Inter DOWN state" corresponds to "rule 101, rule 202", so it is tested against these 2 rules in turn.
If no corresponding {Rule}_P exists, or no syslog rule in {Rule}_P matches, the "match test against the complete syslog rule set" is performed. For example, the syslog information "May 609: 02:43:: ffff:19.10.10.1 AA-BB-CC-DD-1. EEE.NE5000E%% 01BFD/4/STACHG _ TODWN (l): CID ═ 0x 80740448; BFD session changed to Down (SlotNumber 16, resolver 32198, Diagnostic detetdown, Applications PIM, processsst fase, BindInterfaceName 100GE16/0/0.301, interfacephysical state Up, interfaceprotocol state Up) #015" has no corresponding rule in the cache, so the next step must be performed.
Performing the match test against the complete syslog rule set:
This step is time-consuming, and it is the step that this technical scheme aims to skip as often as possible.
Essentially, this step has to be performed for the first piece of syslog information of a syslog pattern: the information is tested against the complete syslog rule set {Rule}_ALL, the successfully matched syslog rule is written to the in-memory database, and the correspondence between P and {Rule}_P is maintained so that subsequent syslog information of pattern P can use it directly. For example, the syslog information "May 609: 02:43:: ffff:19.10.10.1 AA-BB-CC-DD-1. EEE.NE5000E%% 01BFD/4/STACHG _ TODWN (l): CID ═ 0x 80740448; BFD session changed to Down (SlotNumber 16, secrementor 32198, Diagnostic DetectDown, Applications PIM, processspst fase, BindInterfaceName 100GE16/0/0.301, interfacephysical state Up, InterfaceProtocolState Up 015" is tested against the syslog rule set "rule 1, rule 2, ... rule N"; if it matches "rule 303", the syslog information is processed according to that rule and the cache information is modified, as shown below:
[Figure: cache content after adding rule 303 for this syslog pattern]
In special cases, some syslog rules also use part of the numeric content of the syslog information. This technical scheme supports that case as well. Here, when a piece of syslog information S is tested against the syslog rules in {Rule}_P, a matching syslog rule may not be found. The processing then also jumps to this step: the information is tested against the complete syslog rule set, and the successfully matched syslog rule is added to {Rule}_P for use by subsequent syslog information.
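The three steps above as a runnable sketch, added here as an example and not taken from the patent: a Python dict stands in for the in-memory database, and the rule ids, rule expressions and sample messages are constructed. It counts rule tests per message so that the first-message cost, the cached fast path and the fallback for a digit-dependent rule are all visible.

```python
import hashlib
import re
from dataclasses import dataclass, field

_DIGITS = re.compile(r"[0-9]")


def syslog_pattern(s: str) -> str:
    """Step one: S_copy = S with Arabic numerals deleted; P = SHA-1(S_copy), 40 hex digits."""
    s_copy = _DIGITS.sub("", s)
    # SHA-1 is only a fixed-length lookup key here; rules are always tested against S itself.
    return hashlib.sha1(s_copy.encode("utf-8")).hexdigest()


@dataclass(frozen=True)
class Rule:
    rule_id: int
    regex: str  # keyword or regular expression searched for in the original message S

    def matches(self, s: str) -> bool:
        return re.search(self.regex, s) is not None


@dataclass
class CachedMatcher:
    rules_all: list                            # {Rule}_ALL, in priority order
    cache: dict = field(default_factory=dict)  # P -> [rule_id, ...], i.e. {Rule}_P (dict stands in for Redis)
    tests: int = 0                             # rule tests executed so far

    def __post_init__(self):
        self._by_id = {r.rule_id: r for r in self.rules_all}

    def _first_match(self, s, rules):
        for rule in rules:
            self.tests += 1
            if rule.matches(s):
                return rule
        return None

    def match_uncached(self, s):
        """Baseline: traverse {Rule}_ALL until the first rule matches."""
        hit = self._first_match(s, self.rules_all)
        return hit.rule_id if hit else None

    def match(self, s):
        """Steps two and three: try {Rule}_P first, fall back to {Rule}_ALL and update the cache."""
        p = syslog_pattern(s)
        rule_p = [self._by_id[i] for i in self.cache.get(p, [])]
        hit = self._first_match(s, rule_p)
        if hit is None:
            hit = self._first_match(s, self.rules_all)
            if hit is not None:  # only successful matches are cached
                self.cache.setdefault(p, []).append(hit.rule_id)
        return hit.rule_id if hit else None


# Constructed rule set: 99 fillers that never match, one digit-dependent rule, two keyword rules.
RULES = [Rule(i, f"CONSTRUCTED-KEYWORD-{i:03d}") for i in range(1, 100)] + [
    Rule(100, r"Ethernet9/\d+/\d+ has turned into DOWN state"),  # uses the numeric part
    Rule(101, r"has turned into DOWN state"),
    Rule(303, r"BFD session changed to Down"),
]

# Constructed messages in the style of the port DOWN example; only the digits differ.
MSG_A = "May 5 00:03:02 192.0.2.10 SW-EXAMPLE-1 IFPDT/4/IF_STATE: Interface Ethernet1/0/27 has turned into DOWN state"
MSG_B = "May 6 11:45:09 192.0.2.77 SW-EXAMPLE-1 IFPDT/4/IF_STATE: Interface Ethernet2/0/3 has turned into DOWN state"
MSG_C = "May 7 08:10:31 192.0.2.10 SW-EXAMPLE-1 IFPDT/4/IF_STATE: Interface Ethernet9/0/1 has turned into DOWN state"


def run(messages):
    """Return [(rule_id, rule tests spent on this message), ...] using one fresh matcher."""
    m, out = CachedMatcher(RULES), []
    for s in messages:
        before = m.tests
        out.append((m.match(s), m.tests - before))
    return out


if __name__ == "__main__":
    print(run([MSG_A, MSG_B, MSG_C]))  # first message pays the full traversal, later ones 1 test
    print(run([MSG_C, MSG_A, MSG_B]))  # cached digit rule misses, fallback extends {Rule}_P
```

In the order A, B, C the third message is classified by the cached rule 101, while a full traversal would select the higher-priority rule 100; where rule priority matters, compare `match` with `match_uncached` on sampled traffic.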
Compared with the traditional method, the rule matching method of the network equipment syslog information based on the cache provided by the invention has the advantages that the similarity of the syslog information is utilized, the syslog mode is extracted by simply processing the syslog information, and the corresponding relation between the syslog mode and the syslog rule set is further established, so that the matching test range of the syslog rule is accurately limited, and the processing efficiency is improved.
While the spirit and principles of the invention have been described with reference to several particular embodiments, it is to be understood that the invention is not limited to the disclosed embodiments, and that the division into aspects is for convenience of description only and does not mean that features in those aspects cannot be combined to advantage. The invention is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims.
Those skilled in the art should understand the limits of the protection scope of the present invention; modifications or variations that those skilled in the art can make without inventive effort on the basis of the technical solution of the present invention remain within its protection scope.

Claims (11)

1. A cache-based rule matching method for network device syslog information, characterized by comprising the following steps:
step one, acquiring the syslog pattern of the syslog information, denoted P;
step two, in the network management system cache, querying the syslog rule set corresponding to the syslog pattern P, denoted {Rule}_P;
step three, traversing {Rule}_P until a rule matches; if no syslog rule in {Rule}_P matches, testing the syslog information against the syslog rules in the complete syslog rule set {Rule}_ALL, and adding the successfully matched syslog rule to the syslog rule set {Rule}_P corresponding to the syslog pattern P.
2. The cache-based rule matching method for network device syslog information according to claim 1, wherein the method for acquiring the syslog pattern in step one comprises:
denoting the syslog information as S, making a copy denoted S_copy, and deleting the Arabic numerals in S_copy by regular expression replacement;
converting S_copy into a message digest, denoted S_digest, using SHA-1;
taking S_digest as the syslog pattern P corresponding to this piece of syslog information.
3. The cache-based rule matching method for network device syslog information according to claim 2, wherein the syslog information S is used for the subsequent syslog rule matching test, and S_copy is used to generate the syslog pattern P.
4. The cache-based rule matching method for network device syslog information according to claim 2, wherein the message digest has a fixed length of 20 bytes and takes the form of 40 hexadecimal digits, denoted S_digest.
5. The cache-based rule matching method for network device syslog information according to claim 1, wherein the network management system cache in step two is implemented with an in-memory database.
6. The cache-based rule matching method for network device syslog information according to claim 5, wherein the in-memory database stores the correspondence between the syslog pattern P and the syslog rule set {Rule}_P.
7. The cache-based rule matching method for network device syslog information according to claim 1, wherein the method for querying the syslog rule set corresponding to the syslog pattern P in step two comprises:
querying the in-memory database, by syslog pattern P, for a corresponding syslog rule set {Rule}_P;
if a corresponding {Rule}_P exists, testing the syslog information S against the syslog rules in {Rule}_P;
if no corresponding {Rule}_P exists, or no syslog rule in {Rule}_P matches, performing the "match test against the complete syslog rule set".
8. The cache-based rule matching method for network device syslog information according to claim 1, wherein for the first piece of syslog information of a syslog pattern P, the "match test against the complete syslog rule set {Rule}_ALL" must be performed, the successfully matched syslog rule is written to the in-memory database, and the correspondence between the syslog pattern P and the syslog rule set {Rule}_P is maintained so that subsequent syslog information of pattern P can use it directly.
9. The cache-based rule matching method for network device syslog information according to claim 1, wherein when a piece of syslog information S is tested against the syslog rules in the syslog rule set {Rule}_P, a matching syslog rule may not be found; in that case the "match test against the complete syslog rule set {Rule}_ALL" must be performed, and the successfully matched syslog rule is added to the syslog rule set {Rule}_P for use by subsequent syslog information.
10. The method according to claim 1, wherein a piece of syslog information corresponds to exactly one syslog pattern P, and the syslog rule set {Rule}_P corresponding to the syslog pattern P contains only a small number of the syslog rules in the network management system's complete syslog rule set {Rule}_ALL.
11. The method according to claim 1, wherein in the network management system cache the syslog pattern P and its corresponding syslog rule set {Rule}_P are stored as a key-value pair, where the syslog pattern P is the key and the syslog rule set {Rule}_P is the value.
CN202010815142.9A 2020-08-13 2020-08-13 Rule matching method of network equipment syslog information based on cache Pending CN114143162A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010815142.9A CN114143162A (en) 2020-08-13 2020-08-13 Rule matching method of network equipment syslog information based on cache

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010815142.9A CN114143162A (en) 2020-08-13 2020-08-13 Rule matching method of network equipment syslog information based on cache

Publications (1)

Publication Number Publication Date
CN114143162A true CN114143162A (en) 2022-03-04

Family

ID=80438192

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010815142.9A Pending CN114143162A (en) 2020-08-13 2020-08-13 Rule matching method of network equipment syslog information based on cache

Country Status (1)

Country Link
CN (1) CN114143162A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination