CN117194334B - Log storage method, device, equipment and medium of distributed log storage system - Google Patents


Publication number
CN117194334B
Authority
CN
China
Prior art keywords
log
information
bmc
target
original
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202311473894.1A
Other languages
Chinese (zh)
Other versions
CN117194334A (en)
Inventor
任旭阳
董建宁
曲燕
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Suzhou Metabrain Intelligent Technology Co Ltd
Original Assignee
Suzhou Metabrain Intelligent Technology Co Ltd

Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00: Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Storage Device Security (AREA)

Abstract

The application provides a log storage method, device, equipment and medium of a distributed log storage system. The distributed log storage system includes a blockchain and a distributed storage system comprising a plurality of BMCs serving as distributed storage nodes. The method comprises: invoking a target BMC in the distributed storage system to store locally generated original log information in a distributed storage node; invoking the target BMC to process the original log information and generate log summary information corresponding to the original log information; and storing the log summary information within a data block in the blockchain. The method balances the log storage pressure on any single BMC, stores logs more durably, makes it possible to verify that log information has not been tampered with, and improves the retrievability and accessibility of the logs.

Description

Log storage method, device, equipment and medium of distributed log storage system
Technical Field
The present disclosure relates to the field of log processing technologies, and in particular, to a log storage method, device, equipment, and medium for a distributed log storage system.
Background
The BMC (Baseboard Management Controller) is a small operating system independent of the server. It is responsible for monitoring and managing the server's presence state, health state, power consumption and the like, and allows operation and maintenance personnel to carry out large-scale unattended operation remotely and in batches.
While the server is running, the BMC monitors and records information and logs for the server's various hardware components. A user can diagnose and locate server faults from the logs and alarm information recorded by the BMC, and some BMCs with newer technology can also diagnose server faults autonomously from the server running information they record.
In addition, the BMC records audit logs, which capture all security events, user access records, operation records and the like of the server, including the BMC itself. Querying and tracking the audit logs helps prevent illegal logins and trace misoperation or abnormal operation. The audit logs record key management behaviors performed after logging in to the system through the Web (World Wide Web), IPMI (Intelligent Platform Management Interface) and similar modes; these key behaviors include, but are not limited to, login, logout, user management, password management, authorization management, changes to core security configuration (such as access control policies, automatic update policies, security monitoring policies and audit functions), and firmware update and recovery.
The audit log has a limited supported size; the part exceeding that size is packed and backed up and cannot be viewed in real time. The system event log and alarms can hold only a certain number of entries; once the maximum is reached, each new log entry causes an old one to be deleted. Both logs are stored in the BMC as text files, so they may be maliciously tampered with or stolen, and a user cannot verify the integrity of the log files, which undermines the correctness of subsequent log analysis.
However, the audit log and the system event log are an important basis for security inspection, tracing of malicious attacks, fault analysis, troubleshooting and prediction, and have extremely high reference value. They need a more durable and more secure storage method with more convenient access.
Disclosure of Invention
The embodiments of the application provide a log storage method, device, equipment and medium of a distributed log storage system, which address the following problems in the related art: logs are stored in the BMC as text files, so they may be maliciously tampered with or stolen, and a user cannot verify the integrity of the log files, which undermines the correctness of subsequent log analysis.
In order to solve the above technical problems, embodiments of the present application are implemented as follows:
In a first aspect, an embodiment of the present application provides a log storage method of a distributed log storage system, where the distributed log storage system includes a blockchain and a distributed storage system comprising a plurality of BMCs serving as distributed storage nodes, the method comprising:
invoking a target BMC in the distributed storage system to store locally generated original log information in the distributed storage node;
invoking the target BMC to process the original log information and generate log summary information corresponding to the original log information;
and storing the log summary information within a data block in the blockchain.
Optionally, the invoking the target BMC within the distributed storage system to store locally generated original log information at the distributed storage node includes:
invoking the target BMC to encrypt the original log information based on a first encryption algorithm to generate encrypted log information;
and storing the encrypted log information in the distributed storage node.
Optionally, the storing the encrypted log information in the distributed storage node includes:
determining whether the local storage space of the target BMC meets the storage condition of the encrypted log information;
storing the encrypted log information in the local storage space in response to the local storage space meeting the storage condition of the encrypted log information;
and transmitting the encrypted log information and the digital signature information of the target BMC to a first BMC of the distributed storage system in response to the local storage space not meeting the storage condition of the encrypted log information, so that the first BMC can verify the digital signature information, and after the verification is completed, storing the encrypted log information in the storage space of the first BMC.
Optionally, the sending the encrypted log information and the digital signature information of the target BMC to the first BMC of the distributed storage system includes:
invoking the target BMC to search a first BMC in the distributed storage system by adopting a device discovery protocol;
and sending the encrypted log information and the digital signature information of the target BMC to the first BMC.
Optionally, the invoking the target BMC to process the original log information and generate log summary information corresponding to the original log information includes:
invoking the target BMC to acquire a log hash value and a log event type code of the original log information and digital signature information of the target BMC;
and generating the log summary information based on the log hash value, the log event type code and the digital signature information.
Optionally, the calling the target BMC to obtain the log hash value of the original log information includes:
and calling the target BMC to perform hash calculation on the original log information by adopting a hash algorithm to obtain a log hash value of the original log information.
Optionally, the storing the log summary information in a data block in the blockchain includes:
obtaining a decryption key of the first encryption algorithm;
the log summary information and the decryption key are stored within a data block of the blockchain.
Optionally, the storing the log summary information and the decryption key in a data block of the blockchain includes:
decrypting the encrypted log summary based on a target decryption key corresponding to the second encryption algorithm to obtain log summary information, a decryption key of the first encryption algorithm and BMC information of the target BMC;
parsing the log summary information to obtain the digital signature information of the target BMC;
based on the BMC information and the digital signature information, performing identity verification on the target BMC;
and after the verification succeeds, storing the log summary information, the decryption key and the BMC information of the target BMC in a block body of the data block, and storing the timestamp information of the data block in a block header of the data block.
Optionally, after the storing of the log summary information in the data block in the blockchain, the method further includes:
parsing a received log query request of a user to obtain a log query keyword;
querying to obtain target log summary information corresponding to the log query keyword;
and querying to obtain target original log information corresponding to the target log summary information, and sending the target original log information to the user.
Optionally, the parsing the received log query request of the user to obtain the log query keyword includes:
acquiring the log query request and a first decryption key sent by the user;
and decrypting the log query request based on the first decryption key to obtain the log query keyword and the user digital signature of the user.
Optionally, the querying to obtain target log summary information corresponding to the log query keyword includes:
authenticating the user based on the user digital signature;
and after the identity verification is passed, querying to obtain the target log summary information corresponding to the log query keyword.
Optionally, the sending the target original log information to the user includes:
decrypting the target original log information based on a decryption key of the first encryption algorithm to obtain decrypted original log information;
and sending the decrypted original log information to the user.
In a second aspect, an embodiment of the present application provides a log storage device of a distributed log storage system, where the distributed log storage system includes a blockchain and a distributed storage system comprising a plurality of BMCs serving as distributed storage nodes, the device comprising:
the original log storage module is used for invoking a target BMC in the distributed storage system to store the locally generated original log information in the distributed storage node;
the log summary generation module is used for invoking the target BMC to process the original log information and generate log summary information corresponding to the original log information;
and the log summary storage module is used for storing the log summary information in a data block in the blockchain.
Optionally, the original log storage module includes:
the encryption log generation unit is used for invoking the target BMC to encrypt the original log information based on a first encryption algorithm to generate encrypted log information;
and the encryption log storage unit is used for storing the encrypted log information in the distributed storage nodes.
Optionally, the encryption log storage unit includes:
a storage condition determining subunit, configured to determine whether a local storage space of the target BMC meets a storage condition of the encrypted log information;
a first log storage subunit, configured to store the encrypted log information in a local storage space in response to the local storage space meeting a storage condition of the encrypted log information;
and the second log storage subunit is used for responding that the local storage space does not meet the storage condition of the encrypted log information, sending the encrypted log information and the digital signature information of the target BMC to a first BMC of the distributed storage system, verifying the digital signature information by the first BMC, and storing the encrypted log information in the storage space of the first BMC after the verification is completed.
Optionally, the second log storage subunit includes:
the first BMC searching subunit is used for calling the target BMC to search the first BMC in the distributed storage system by adopting a device discovery protocol;
and the encryption log storage subunit is used for sending the encrypted log information and the digital signature information of the target BMC to the first BMC.
Optionally, the log summary generating module includes:
the digital signature acquisition unit is used for calling the target BMC to acquire the log hash value and the log event type code of the original log information and the digital signature information of the target BMC;
and the log summary generating unit is used for generating the log summary information based on the log hash value, the log event type code and the digital signature information.
Optionally, the digital signature acquisition unit includes:
and the log hash value acquisition subunit is used for calling the target BMC to perform hash calculation on the original log information by adopting a hash algorithm to obtain a log hash value of the original log information.
Optionally, the log summary storage module includes:
a decryption key acquisition unit configured to acquire a decryption key of the first encryption algorithm;
and the log summary storage unit is used for storing the log summary information and the decryption key in a data block of the blockchain.
Optionally, the log summary storage unit includes:
the encryption summary decryption subunit is used for decrypting the encrypted log summary based on a target decryption key corresponding to the second encryption algorithm to obtain the log summary information, the decryption key of the first encryption algorithm and BMC information of the target BMC;
the log summary parsing subunit is used for parsing the log summary information to obtain the digital signature information of the target BMC;
the identity verification subunit is used for carrying out identity verification on the target BMC based on the BMC information and the digital signature information;
and the log summary storage subunit is used for storing the log summary information, the decryption key and the BMC information of the target BMC in the block body of the data block after the verification succeeds, and storing the timestamp information of the data block in the block header of the data block.
Optionally, the apparatus further comprises:
the keyword acquisition module is used for parsing the received log query request of the user to obtain the log query keyword;
the target summary query module is used for querying to obtain target log summary information corresponding to the log query keyword;
and the target original log sending module is used for querying to obtain target original log information corresponding to the target log summary information and sending the target original log information to the user.
Optionally, the keyword obtaining module includes:
the inquiry request acquisition unit is used for acquiring the log inquiry request and the first decryption key sent by the user;
and the keyword acquisition unit is used for decrypting the log query request based on the first decryption key to obtain the log query keyword and the user digital signature of the user.
Optionally, the target summary query module includes:
a user identity verification unit, configured to perform identity verification on the user based on the user digital signature;
and the target summary query unit is used for querying to obtain the target log summary information corresponding to the log query keyword after the identity verification is passed.
Optionally, the target original log sending module includes:
the decryption log information acquisition unit is used for decrypting the target original log information based on a decryption key of the first encryption algorithm to obtain decrypted original log information;
and the decryption log information sending unit is used for sending the decrypted original log information to the user.
In a third aspect, an embodiment of the present application provides an electronic device, including:
a memory, a processor, and a computer program stored on the memory and executable on the processor, the computer program when executed by the processor implementing the log storage method of any of the above described distributed log storage systems.
In a fourth aspect, embodiments of the present application provide a readable storage medium storing instructions which, when executed by a processor of an electronic device, enable the electronic device to perform the log storage method of a distributed log storage system as described in any one of the above.
In the embodiments of the application, a target BMC in the distributed storage system is invoked to store locally generated original log information in a distributed storage node. The target BMC is invoked to process the original log information and generate the corresponding log summary information, and the log summary information is stored within a data block in the blockchain. The embodiments use the BMC's own storage space and its externally expanded space so that the BMC serves as a node of the distributed storage. This balances the log storage pressure on any single BMC, overcomes the shortcomings of the prior art, and stores logs more durably. Meanwhile, log summary data is extracted from the original log data and uploaded to the blockchain under several encryption measures, so that the blockchain can be used to verify that the log information has not been tampered with. Combining the blockchain with a distributed storage structure increases the retrievability and accessibility of the logs.
The foregoing is only an overview of the technical solution of the present application. So that its technical means can be understood more clearly and implemented according to the content of the specification, and so that the above and other objects, features and advantages of the present application are more readily apparent, a detailed description of the present application is given below.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the description of the embodiments of the present application will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person of ordinary skill in the art.
FIG. 1 is a flowchart of the steps of a log storage method of a distributed log storage system according to an embodiment of the present application;
FIG. 2 is a flowchart of the steps of an encrypted log storage method according to an embodiment of the present application;
FIG. 3 is a flowchart of the steps of another encrypted log storage method according to an embodiment of the present application;
FIG. 4 is a flowchart of the steps of an encrypted log sending method according to an embodiment of the present application;
FIG. 5 is a flowchart of the steps of a log summary generating method according to an embodiment of the present application;
FIG. 6 is a flowchart of the steps of a log hash value obtaining method according to an embodiment of the present application;
FIG. 7 is a flowchart of the steps of a log summary storing method according to an embodiment of the present application;
FIG. 8 is a flowchart of the steps of another log summary storing method according to an embodiment of the present application;
FIG. 9 is a flowchart of the steps of a method for sending original log information according to an embodiment of the present application;
FIG. 10 is a flowchart of the steps of a keyword obtaining method according to an embodiment of the present application;
FIG. 11 is a flowchart of the steps of a method for querying a target log summary according to an embodiment of the present application;
FIG. 12 is a flowchart of the steps of a method for sending a decrypted original log according to an embodiment of the present application;
FIG. 13 is a schematic diagram of a blockchain-based log storage architecture according to an embodiment of the present application;
FIG. 14 is a schematic diagram of a log data processing flow according to an embodiment of the present application;
FIG. 15 is a schematic structural diagram of a log storage device of a distributed log storage system according to an embodiment of the present application;
FIG. 16 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, are intended to be within the scope of the present application.
Referring to FIG. 1, a flowchart of the steps of a log storage method of a distributed log storage system according to an embodiment of the present application is shown, where the distributed log storage system includes a blockchain and a distributed storage system comprising a plurality of BMCs serving as distributed storage nodes. As shown in FIG. 1, the log storage method of the distributed log storage system may include: step 101, step 102 and step 103.
Step 101: invoking a target BMC in the distributed storage system to store the locally generated original log information in the distributed storage node.
The embodiment of the application can be applied to a scene of storing the log generated by the BMC in combination with the blockchain technology.
The embodiments of the present application may be applied to a blockchain-based distributed log storage system, which may include a blockchain and a distributed storage system comprising a plurality of BMCs serving as distributed storage nodes. As shown in FIG. 13, the blockchain-based distributed BMC log storage structure may include: a distributed storage structure (i.e., the distributed storage system in this example) and a blockchain structure (i.e., the blockchain in this example). The distributed storage structure is composed of a plurality of BMCs, and each BMC can serve as a distributed node of the distributed storage structure. The blockchain structure is composed of a plurality of blockchain nodes, and each blockchain node is a data block.
The blockchain is a decentralized data structure that links data blocks sequentially in time order. Each block header contains the hash value of the previous block, which ensures that the content of the blocks is not tampered with, and the unique timestamp contained in each block ensures that the links between blocks are not tampered with. Blockchain technology is traceable and tamper-proof, and provides a more reliable and more secure way to store sensitive data.
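The hash-linked structure described above, combined with the log summary fields named in the Disclosure (log hash value, log event type code, BMC signature), can be illustrated with the following added example, which is not code from the patent or its assignee. HMAC-SHA256 with a constructed key stands in for the BMC's digital signature, and all field names, event type codes, timestamps and log lines are assumptions of this example.

```python
import hashlib
import hmac
import json

# Constructed demo key. HMAC-SHA256 stands in for the digital signature built
# into the BMC firmware; a real deployment would use an asymmetric signature.
BMC_KEYS = {"bmc-01": b"constructed-demo-key"}
GENESIS = "0" * 64  # prev_hash value used by the first block

# Constructed audit-log lines with hypothetical event type codes.
SAMPLE_LOGS = [
    (b"2023-11-07T10:00:01Z web login user=admin result=success", 1),
    (b"2023-11-07T10:02:17Z ipmi user-add name=ops01 by=admin", 2),
    (b"2023-11-07T10:05:40Z firmware update started by=admin", 3),
]


def _sign(summary):
    """Sign the identifying fields of a summary with the BMC's key."""
    msg = "|".join(str(summary[k]) for k in ("bmc_id", "event_type_code", "log_hash"))
    return hmac.new(BMC_KEYS[summary["bmc_id"]], msg.encode(), hashlib.sha256).hexdigest()


def make_summary(bmc_id, raw_log, event_type_code):
    """Log summary = log hash value + event type code + BMC signature."""
    summary = {"bmc_id": bmc_id, "event_type_code": event_type_code,
               "log_hash": hashlib.sha256(raw_log).hexdigest()}
    summary["signature"] = _sign(summary)
    return summary


def signature_ok(summary):
    """Identity check: the summary must carry a valid signature of a known BMC."""
    if summary.get("bmc_id") not in BMC_KEYS:
        return False
    return hmac.compare_digest(_sign(summary), str(summary.get("signature", "")))


def block_hash(block):
    """SHA-256 over a canonical JSON encoding of header and body."""
    data = json.dumps(block, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()


class SummaryChain:
    """Append-only list of blocks; each header links to the previous block."""

    def __init__(self):
        self.blocks = []
        self.head = GENESIS  # hash of the newest block, kept by the verifier

    def append(self, summary, timestamp):
        if not signature_ok(summary):
            raise ValueError("summary rejected: bad or unknown BMC signature")
        # Timestamp goes in the block header, summary and BMC info in the body.
        block = {"header": {"prev_hash": self.head, "timestamp": timestamp},
                 "body": dict(summary)}
        self.blocks.append(block)
        self.head = block_hash(block)
        return len(self.blocks) - 1

    def first_bad_block(self):
        """Index at which verification first fails, or -1 if the chain is intact."""
        prev = GENESIS
        for i, block in enumerate(self.blocks):
            if block["header"]["prev_hash"] != prev or not signature_ok(block["body"]):
                return i
            prev = block_hash(block)
        return -1 if prev == self.head else len(self.blocks) - 1

    def log_matches(self, index, raw_log):
        """True if raw_log still hashes to the value recorded in block `index`."""
        recorded = self.blocks[index]["body"]["log_hash"]
        return hmac.compare_digest(recorded, hashlib.sha256(raw_log).hexdigest())


def build_demo_chain():
    chain = SummaryChain()
    for i, (line, code) in enumerate(SAMPLE_LOGS):
        chain.append(make_summary("bmc-01", line, code), 1_700_000_000 + i)
    return chain


if __name__ == "__main__":
    chain = build_demo_chain()
    print("intact:", chain.first_bad_block() == -1)
    edited = SAMPLE_LOGS[1][0].replace(b"ops01", b"ops02")
    print("edited log accepted:", chain.log_matches(1, edited))
    chain.blocks[0]["header"]["timestamp"] += 1  # rewrite history in block 0
    print("first bad block after header edit:", chain.first_bad_block())
```

A header edit in block 0 is reported at block 1, because the break shows up where the next header's `prev_hash` no longer matches; an edit to a summary body is reported at the edited block itself through the signature check.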
In this example, the blockchain may be a private blockchain that may be compatible with consensus forms such as PoW (Proof of Work), PoS (Proof of Stake) and PoC (Proof of Capacity). A private blockchain offers high transaction speed, fully controllable permissions and low maintenance cost, and can meet the functional, performance and security requirements of the distributed log storage architecture.
The private blockchain provided by the present example may support Solidity smart contracts. In the present log storage architecture, the following contracts are designed:
Digital identity contract: the digital identity authentication contract handles functions such as registration, login, certificate management and identity recognition for users and server BMC devices, and enforces a strict correspondence between entity identities and digital identities.
Data security contract: the data security contract is responsible for encryption, authorization and the like of the data written to the chain. Privacy rules for on-chain data can be flexibly controlled, and operations related to data security are audited.
Flow management contract: this contract is responsible for ensuring the security and controllability of service data, identity data and the like; data sources and modification history can be traced at any time, and malicious tampering is prevented.
In this embodiment, in the distributed storage system, firmware supporting the blockchain function is flashed into each BMC in advance, and the digital signature information of each BMC is built into the corresponding firmware. Specifically, the server BMC needs to be flashed with firmware supporting the blockchain function, and a unique digital signature specific to that BMC is built into the firmware, which the blockchain smart contracts use to identify and authenticate the BMC. The firmware allows the BMC to use the free space of its FLASH or an external storage extension (such as a TF (TransFlash) card) as a data storage unit node of the distributed storage. The BMCs can discover and identify one another through the SSDP (Simple Service Discovery Protocol) function and verify the digital signature.
In this example, the distributed storage system may be a Hadoop storage system. Hadoop can handle scenarios with large data volumes and large file sizes, and its multi-copy mechanism facilitates disaster recovery backup. The distributed storage nodes are formed by the BMCs that have joined the blockchain, and dedicated storage nodes can also be added. The approach is flexible and lightweight, and does not require spending heavily on purpose-built storage nodes.
In practical applications, each BMC in the distributed storage system may monitor and record information and logs for the various hardware of its corresponding server. After the target BMC (i.e., one or more BMCs in the distributed storage system) locally generates a log, the target BMC may be invoked to store the locally generated original log information in the distributed storage node. Specifically, the original log information may first be encrypted, and the encrypted log information may then be stored in the distributed storage node. As shown in FIG. 14, the audit log / event alarm log may be encrypted with AES and stored in the distributed storage nodes.
The process of storing the original log is described in detail below in conjunction with FIG. 2.
Referring to fig. 2, a flowchart illustrating steps of an encryption log storage method according to an embodiment of the present application is shown. As shown in fig. 2, the encryption log storage method may include: step 201 and step 202.
Step 201: invoking the target BMC to encrypt the original log information based on a first encryption algorithm to generate encrypted log information.
In this embodiment, after the target BMC locally generates the original log information, the target BMC may be invoked to encrypt the original log information based on the first encryption algorithm to generate encrypted log information.
In this example, the first encryption algorithm may be an AES encryption algorithm, a DES encryption algorithm, or the like, which is not limited in this embodiment.
After the target BMC is invoked to encrypt the original log information based on the first encryption algorithm to generate encrypted log information, step 202 is performed.
Step 202: storing the encrypted log information in the distributed storage node.
After the target BMC is invoked to encrypt the original log information based on the first encryption algorithm and generate encrypted log information, the encrypted log information can be stored in the distributed storage node.
According to the embodiment of the application, the original log information is encrypted with the first encryption algorithm before it is stored, which improves the security of log storage.
In this example, when storing the encrypted log information in the distributed storage node, it is first necessary to determine whether the local storage space of the target BMC satisfies the storage condition of the encrypted log information. If it does, the target BMC serves as the distributed storage node that stores the encrypted log information; otherwise, another BMC can serve as the distributed storage node that stores the encrypted log information. This implementation is described in detail below in conjunction with FIG. 3.
Referring to fig. 3, a flowchart illustrating steps of another method for storing an encrypted log according to an embodiment of the present application is shown. As shown in fig. 3, the encryption log storage method may include: step 301, step 302 and step 303.
Step 301: determining whether the local storage space of the target BMC meets the storage condition of the encrypted log information.
In this embodiment, after the original log information is encrypted with the first encryption algorithm to obtain the encrypted log information, it may first be determined whether the local storage space of the target BMC meets the storage condition of the encrypted log information. For example, the target BMC may have 5M of local storage remaining. When the storage space occupied by the encrypted log information is larger than 5M, this indicates that the local storage space of the target BMC meets the storage condition of the encrypted log information. When the storage space occupied by the encrypted log information is less than or equal to 5M, the local storage space of the target BMC does not meet the storage condition of the encrypted log information.
It will be appreciated that the above examples are only examples listed for better understanding of the technical solutions of the embodiments of the present application, and are not to be construed as the only limitation of the present embodiments.
After determining that the local storage space of the target BMC satisfies the storage condition of the encrypted log information, step 302 is performed. After determining that the local storage space of the target BMC does not satisfy the storage condition of the encrypted log information, step 303 is performed.
Step 302: Store the encrypted log information in the local storage space in response to the local storage space meeting the storage condition of the encrypted log information.
After it is determined that the local storage space of the target BMC meets the storage condition of the encrypted log information, the encrypted log information may be stored in the local storage space of the target BMC.
Step 303: Send the encrypted log information and the digital signature information of the target BMC to a first BMC of the distributed storage system in response to the local storage space not meeting the storage condition of the encrypted log information, so that the first BMC verifies the digital signature information and, after the verification is completed, stores the encrypted log information in the storage space of the first BMC.
The first BMC is another BMC in the distributed storage system that meets the storage condition of the encrypted log information.
After it is determined that the local storage space of the target BMC does not meet the storage condition of the encrypted log information, the target BMC may send the encrypted log information and the digital signature information of the target BMC to the first BMC of the distributed storage system, so that the first BMC verifies the digital signature information and, after the verification is completed, stores the encrypted log information in the storage space of the first BMC.
In this embodiment of the application, each BMC is used as a distributed storage node by making use of the BMC's own storage space and its external expansion space. This balances the log storage pressure on any single BMC, overcomes the defects of the prior art, and allows logs to be stored more persistently.
In a specific implementation, the target BMC may use a device discovery protocol to find a first BMC that satisfies the storage condition of the encrypted log information and send the encrypted log information to it. This implementation is described in detail below with reference to Fig. 4.
Fig. 4 shows a flowchart of the steps of an encrypted log sending method provided in an embodiment of the present application. As shown in Fig. 4, the encrypted log sending method may include step 401 and step 402.
Step 401: Invoke the target BMC to search for a first BMC in the distributed storage system using a device discovery protocol.
In this embodiment, the device discovery protocol provides a mechanism for discovering devices within the network; in this example it may be, but is not limited to, the SSDP protocol.
When the local storage space of the target BMC does not meet the storage condition of the encrypted log information, the target BMC can be invoked to search for a first BMC in the distributed storage system using a device discovery protocol.
After the target BMC is invoked to find the first BMC in the distributed storage system using the device discovery protocol, step 402 is performed.
Step 402: Send the encrypted log information and the digital signature information of the target BMC to the first BMC.
After the target BMC is invoked to find the first BMC in the distributed storage system using the device discovery protocol, the encrypted log information and the digital signature information of the target BMC can be sent to the first BMC. Specifically, the target BMC may read the digital signature information from the firmware flashed onto it and then send the encrypted log information and its digital signature information to the first BMC.
In this embodiment of the application, the first BMC in the distributed storage system is discovered using the device discovery protocol, so that the external expansion space can be used effectively and the log storage pressure on a single BMC is balanced.
Step 102: Invoke the target BMC to process the original log information and generate log summary information corresponding to the original log information.
After the target BMC generates the original log information locally, the target BMC can be invoked to process the original log information to generate the corresponding log summary information. Specifically, the log summary may be generated from the log hash value of the original log information, the log event type code, and the digital signature information of the target BMC. This implementation is described in detail below with reference to Fig. 5.
Fig. 5 shows a flowchart of the steps of a log summary generating method according to an embodiment of the present application. As shown in Fig. 5, the log summary generating method may include step 501 and step 502.
Step 501: Invoke the target BMC to obtain the log hash value and the log event type code of the original log information, and the digital signature information of the target BMC.
In this embodiment, after the target BMC generates the original log information locally, the log hash value and the log event type code of the original log information and the digital signature information of the target BMC can be obtained (the digital signature information is read from the firmware pre-written into the target BMC).
The log event type code indicates the type of the original log information, such as an audit log or an alarm log.
The digital signature information identifies the target BMC that generated the log.
The log hash value is used to verify the integrity of the log. In this example, the log hash value may be calculated with a hash algorithm; this implementation is described in detail below with reference to Fig. 6.
Fig. 6 shows a flowchart of the steps of a log hash value obtaining method provided in an embodiment of the present application. As shown in Fig. 6, the log hash value obtaining method may include step 601.
Step 601: Invoke the target BMC to hash the original log information with a hash algorithm to obtain the log hash value of the original log information.
In this embodiment, after the target BMC obtains the locally generated original log information, the target BMC may be invoked to hash the original log information with a hash algorithm to obtain the log hash value of the original log information. For example, the SHA256 algorithm may be used to hash the original log information, and the resulting log hash value may be used to verify the integrity of the log.
In this embodiment of the application, hashing the original log information with a hash algorithm yields the log hash value of the original log information, with which the integrity of the log can be verified.
After the target BMC is invoked to obtain the log hash value and the log event type code of the original log information and the digital signature information of the target BMC, step 502 is executed.
Step 502: Generate the log summary information based on the log hash value, the log event type code and the digital signature information.
After the target BMC is invoked to obtain the log hash value and the log event type code of the original log information and the digital signature information of the target BMC, the log summary information can be generated based on the log hash value, the log event type code and the digital signature information. That is, the log summary data consists of the hash value of the log, the log event type code and the digital signature of the log generator (i.e., the target BMC). As shown in Fig. 14, the log summary may be composed of the digital signature of the BMC, the hash value of the audit log/event alert log, and the event type.
In this embodiment of the application, the log summary information is generated for storage in the blockchain; the log summary data is uploaded to the blockchain under several encryption measures, and the blockchain can be used to verify that the log information has not been tampered with.
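Steps 501 and 502 and the integrity check they enable can be sketched as follows. This is an added example, not code from the patent: the byte layout of the summary, the event type code values and the sample signature are assumptions, and the BMC signature is treated as an opaque value read from firmware.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass

HASH_LEN = hashlib.sha256().digest_size   # 32 bytes for SHA-256
EVENT_AUDIT, EVENT_ALARM = 0x01, 0x02      # assumed codes; the patent gives no values
HEADER = struct.Struct(">HH")              # event type code, signature length


@dataclass(frozen=True)
class LogSummary:
    log_hash: bytes        # SHA-256 of the original (plaintext) log
    event_type: int        # log event type code
    bmc_signature: bytes   # digital signature information of the generating BMC

    def encode(self) -> bytes:
        """Assumed layout: hash || type (2 bytes) || signature length (2 bytes) || signature."""
        return (self.log_hash
                + HEADER.pack(self.event_type, len(self.bmc_signature))
                + self.bmc_signature)

    @classmethod
    def decode(cls, blob: bytes) -> "LogSummary":
        fixed = HASH_LEN + HEADER.size
        if len(blob) < fixed:
            raise ValueError("summary is shorter than its fixed part")
        event_type, sig_len = HEADER.unpack_from(blob, HASH_LEN)
        # Reject truncated summaries and summaries with trailing bytes.
        if len(blob) != fixed + sig_len:
            raise ValueError("signature length does not match summary size")
        return cls(blob[:HASH_LEN], event_type, blob[fixed:])


def make_summary(raw_log: bytes, event_type: int, bmc_signature: bytes) -> LogSummary:
    """Step 601 (hash the log) followed by step 502 (assemble the summary)."""
    return LogSummary(hashlib.sha256(raw_log).digest(), event_type, bmc_signature)


def log_matches_summary(raw_log: bytes, summary: LogSummary) -> bool:
    """Integrity check run when a stored log is retrieved and decrypted."""
    return hmac.compare_digest(hashlib.sha256(raw_log).digest(), summary.log_hash)


# Constructed sample data, not taken from a real BMC.
SAMPLE_LOG = b"2023-11-07T10:15:02Z audit user=admin action=login result=ok\n"
SAMPLE_SIGNATURE = bytes.fromhex("aa" * 16)


def demo() -> tuple:
    summary = make_summary(SAMPLE_LOG, EVENT_AUDIT, SAMPLE_SIGNATURE)
    restored = LogSummary.decode(summary.encode())
    tampered = SAMPLE_LOG.replace(b"result=ok", b"result=fail")
    return (restored == summary,
            log_matches_summary(SAMPLE_LOG, restored),
            log_matches_summary(tampered, restored))


if __name__ == "__main__":
    print(demo())
```

The hash is taken over the plaintext log, so a retrieved log has to be decrypted before it is compared with the summary.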
After the target BMC is invoked to process the original log information and generate the corresponding log summary information, step 103 is executed.
Step 103: Store the log summary information within a data block in the blockchain.
After the target BMC is invoked to process the original log information and generate the corresponding log summary information, the log summary information can be stored in a data block in the blockchain. Specifically, the log summary information and the decryption key of the first encryption algorithm used to encrypt the original log information may be sent together to the blockchain structure for storage. This implementation is described in detail below with reference to Fig. 7.
Fig. 7 shows a flowchart of the steps of a log summary storing method according to an embodiment of the present application. As shown in Fig. 7, the log summary storing method may include step 701 and step 702.
Step 701: Obtain a decryption key of the first encryption algorithm.
In this embodiment, the decryption key of the first encryption algorithm may be obtained while the original log information is encrypted using the first encryption algorithm.
After the decryption key of the first encryption algorithm is obtained, step 702 is performed.
Step 702: Store the log summary information and the decryption key within a data block of the blockchain.
The data block includes a block header and a block body, and the block header mainly includes the hash value of the previous block. This example adds the timestamp of the alarm to the block header, which makes it convenient to retrieve alarms that occurred within a specific time. The block body stores the log summary data in a Merkle tree (hash tree) structure, the Merkle tree being a common data structure of blockchains.
After the decryption key of the first encryption algorithm is obtained and the log summary information of the original log information is generated, the log summary information and the decryption key of the first encryption algorithm may be stored in a data block of the blockchain.
In this embodiment of the application, the decryption key of the first encryption algorithm is sent to the blockchain for storage, so that the user can decrypt the encrypted original log information when retrieving it later.
In a specific implementation, before the log summary information and the decryption key are stored in the data block of the blockchain, the log summary information, the decryption key and the BMC information of the target BMC may be encrypted, and the encrypted log summary may be sent to the blockchain for storage. Specifically, the blockchain may first verify the identity of the target BMC and store the log summary after the verification is passed.
The process of storing the log summary is described in detail below with reference to Fig. 8.
Fig. 8 shows a flowchart of the steps of another log summary storage method according to an embodiment of the present application. As shown in Fig. 8, the log summary storing method may include step 801, step 802, step 803 and step 804.
Step 801: Decrypt the encrypted log summary based on a target decryption key corresponding to the second encryption algorithm to obtain the log summary information, the decryption key of the first encryption algorithm and the BMC information of the target BMC.
In this embodiment, the blockchain obtains the encrypted log summary sent by the target BMC; the encrypted log summary is produced by the target BMC encrypting the log summary information, the decryption key of the first encryption algorithm and the BMC information of the target BMC with the second encryption algorithm. The encrypted log summary is then decrypted based on the target decryption key corresponding to the second encryption algorithm to obtain the log summary information, the decryption key of the first encryption algorithm and the BMC information of the target BMC.
After the log summary information, the decryption key of the first encryption algorithm and the BMC information of the target BMC are obtained by decryption, step 802 is performed.
Step 802: Parse the log summary information to obtain the digital signature information of the target BMC.
After the log summary information, the decryption key of the first encryption algorithm and the BMC information of the target BMC are obtained by decryption, the digital signature information of the target BMC can be parsed out of the log summary information.
After the digital signature information of the target BMC is parsed out of the log summary information, step 803 is performed.
Step 803: Verify the identity of the target BMC based on the BMC information and the digital signature information.
After the digital signature information of the target BMC is parsed out of the log summary information, the identity of the target BMC can be verified based on the BMC information and the digital signature information, to confirm that the identity of the target BMC is correct.
Step 804: After the verification succeeds, store the log summary information, the decryption key and the BMC information of the target BMC in the block body of the data block, and store the timestamp information of the data block in the block header of the data block.
After the verification succeeds, the log summary information, the decryption key and the BMC information of the target BMC can be stored in the block body of the data block, and the timestamp information of the data block is stored in the block header of the data block. That is, after the blockchain node receives the encrypted information, the digital identity contract first decrypts it using the RSA asymmetric algorithm, verifies the identity information of the uploading user (the BMC), and stores the log summary data in the block body after the verification is completed.
The timestamp information indicates the time at which the data block was generated.
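The block layout described under step 702 (previous-block hash and timestamp in the header, a Merkle tree over the body) and the verify-then-store order of steps 803 and 804 can be exercised with the added example below, which is not code from the patent. It assumes an enrollment registry that maps BMC information to a signature, passes the signature separately instead of parsing it out of the summary, treats body entries as opaque bytes, and omits the second-algorithm (RSA) decryption of step 801.

```python
from __future__ import annotations

import hashlib
import hmac
import struct
from dataclasses import dataclass, replace

GENESIS = bytes(32)  # previous-hash value used by the first block (assumed)


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def merkle_root(leaves: list[bytes]) -> bytes:
    """Merkle root of a block body. Leaf and inner hashes use different
    prefixes so an inner node can never be passed off as a leaf."""
    if not leaves:
        return sha256(b"")
    level = [sha256(b"\x00" + leaf) for leaf in leaves]
    while len(level) > 1:
        nxt = [sha256(b"\x01" + level[i] + level[i + 1])
               for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])  # an odd node is carried up unchanged
        level = nxt
    return level[0]


@dataclass(frozen=True)
class Block:
    prev_hash: bytes            # header: hash of the previous block header
    timestamp: int              # header: block generation time, Unix seconds
    merkle: bytes               # header: Merkle root over the body
    entries: tuple[bytes, ...]  # body: serialized log summaries (opaque here)

    def header_hash(self) -> bytes:
        return sha256(self.prev_hash + struct.pack(">Q", self.timestamp) + self.merkle)


class Ledger:
    def __init__(self, enrolled: dict[str, bytes]):
        self.enrolled = enrolled  # BMC information -> enrolled signature (assumed)
        self.blocks: list[Block] = []

    def append(self, bmc_info: str, signature: bytes,
               entries: list[bytes], timestamp: int) -> Block:
        """Steps 803-804: verify the uploading BMC, then store body and header."""
        expected = self.enrolled.get(bmc_info)
        if expected is None or not hmac.compare_digest(expected, signature):
            raise PermissionError("BMC identity verification failed")
        prev = self.blocks[-1].header_hash() if self.blocks else GENESIS
        block = Block(prev, timestamp, merkle_root(list(entries)), tuple(entries))
        self.blocks.append(block)
        return block

    def first_invalid(self) -> int | None:
        """Index of the first block whose body or back-link fails to verify."""
        prev = GENESIS
        for i, block in enumerate(self.blocks):
            if block.prev_hash != prev or merkle_root(list(block.entries)) != block.merkle:
                return i
            prev = block.header_hash()
        return None

    def in_window(self, start: int, end: int) -> list[Block]:
        """Blocks whose header timestamp falls inside [start, end]."""
        return [b for b in self.blocks if start <= b.timestamp <= end]


# Constructed sample data: identifier, signature and timestamps are made up.
BMC_INFO, BMC_SIG = "bmc-rack1-slot3", bytes.fromhex("aa" * 16)


def demo() -> tuple:
    ledger = Ledger({BMC_INFO: BMC_SIG})
    ledger.append(BMC_INFO, BMC_SIG, [b"summary-1", b"summary-2", b"summary-3"], 1700000000)
    ledger.append(BMC_INFO, BMC_SIG, [b"summary-4"], 1700000600)
    intact = ledger.first_invalid()            # None: the chain verifies
    try:
        ledger.append(BMC_INFO, b"\x00" * 16, [b"forged"], 1700001200)
        rejected = False
    except PermissionError:
        rejected = True                        # unenrolled signature is refused
    edited = (b"summary-1", b"edited", b"summary-3")
    ledger.blocks[0] = replace(ledger.blocks[0], entries=edited)
    body_edit = ledger.first_invalid()         # 0: Merkle root no longer matches
    ledger.blocks[0] = replace(ledger.blocks[0], merkle=merkle_root(list(edited)))
    relinked = ledger.first_invalid()          # 1: next block's back-link breaks
    return intact, rejected, body_edit, relinked


if __name__ == "__main__":
    print(demo())
```

Recomputing the Merkle root of an edited block hides the edit inside that block but changes its header hash, so the check fails at the next block instead.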
In this embodiment of the application, the BMC first performs on-chain verification: the BMC automatically sends identity authentication information to the blockchain, the blockchain's digital identity contract verifies the BMC identity information, and after the verification succeeds the blockchain issues an RSA algorithm public key to the BMC. The BMC can then use the blockchain-based distributed log storage function normally. First, the BMC parses the log, extracts the log event type code and encrypts the newly generated log with the AES symmetric encryption algorithm; after encryption, the Hadoop distributed storage service stores the original content of the log. Then, the BMC calculates the hash value of the original log content file with the SHA256 algorithm and generates the log summary data in the form: log hash value + log event type code + BMC digital signature. Each BMC is used as a distributed storage node by making use of the BMC's own storage space and its external expansion space. This balances the log storage pressure on any single BMC, overcomes the defects of the prior art, and allows logs to be stored more persistently. At the same time, the log summary data is extracted from the original log data and uploaded to the blockchain under several encryption measures, so that the blockchain can be used to verify that the log information has not been tampered with. Combining the blockchain with the distributed storage structure increases the retrievability and accessibility of the logs.
In this embodiment of the application, when a log is queried, the corresponding log summary can be looked up in the blockchain; if the complete original log information is required, the original log can then be queried according to the log summary that was found. This implementation is described in detail below with reference to Fig. 9.
Fig. 9 shows a flowchart of the steps of an original log information sending method according to an embodiment of the present application. As shown in Fig. 9, the original log information sending method may include step 901, step 902 and step 903.
Step 901: Parse the received log query request of the user to obtain the log query keywords.
In this embodiment, when the user wants to view a log, the user may send a log query request to the blockchain. The received log query request can then be parsed to obtain the log query keywords.
In a specific implementation, the log query request can carry the user's digital signature so that the user can be authenticated; the log query keyword and the user's digital signature are obtained after the log query request is decrypted. This implementation is described in detail below with reference to Fig. 10.
Fig. 10 shows a flowchart of the steps of a keyword obtaining method provided in an embodiment of the present application. As shown in Fig. 10, the keyword obtaining method may include step 1001 and step 1002.
Step 1001: Obtain the log query request and the first decryption key sent by the user.
In this embodiment, when the user queries or retrieves a log, the user may send an encrypted log query request to the blockchain, along with the corresponding decryption key, i.e., the first decryption key. The log query request and the first decryption key sent by the user can thus be obtained.
After the log query request and the first decryption key sent by the user are obtained, step 1002 is performed.
Step 1002: Decrypt the log query request based on the first decryption key to obtain the log query keyword and the user digital signature of the user.
After the blockchain obtains the log query request and the first decryption key sent by the user, the log query request can be decrypted based on the first decryption key to obtain the log query keyword and the user digital signature of the user.
In this embodiment of the application, the user digital signature is carried in the log query request, which makes it convenient for the blockchain to verify the user's identity, prevents the log from being obtained illegally by others, and improves the security of the log.
After the log query request is parsed to obtain the log query keywords, step 902 is performed.
Step 902: Query to obtain the target log summary information corresponding to the log query keywords, and send the target log summary information to the distributed storage system.
After the log query request is parsed to obtain the log query keywords, the target log summary information corresponding to the log query keywords can be obtained by query and sent to the distributed storage system.
In a specific implementation, the user can be authenticated by means of the user's digital signature, and the log summary information corresponding to the log query keyword is queried after the authentication is passed. This implementation is described in detail below with reference to Fig. 11.
Fig. 11 shows a flowchart of the steps of a target log summary query method provided in an embodiment of the present application. As shown in Fig. 11, the target log summary query method may include step 1101 and step 1102.
Step 1101: Authenticate the user based on the user digital signature.
In this embodiment, after the user digital signature is obtained by parsing, the blockchain may be invoked to authenticate the user based on the user digital signature.
After the user is authenticated based on the user digital signature, step 1102 is performed.
Step 1102: After the identity verification is passed, query to obtain the target log summary information corresponding to the log query keywords.
After the user is authenticated based on the user digital signature, it can be determined whether the user's identity verification has passed. After it has passed, the target log summary information corresponding to the log query keyword can be obtained by query.
Verifying the identity of the user making the log query avoids the reduction in log security that would result from others querying the log illegally.
After the target log summary information corresponding to the log query keyword is obtained by query and sent to the distributed storage system, step 903 is performed.
Step 903: Query to obtain the target original log information corresponding to the target log summary information, and send the target original log information to the user.
After the target log summary information corresponding to the log query keyword is obtained by query and sent to the distributed storage system, the distributed storage system can be invoked to query for the target original log information corresponding to the target log summary information and send the target original log information to the user.
In a specific implementation, the original log queried from the distributed storage system is encrypted, so it must be decrypted before being sent to the user. This implementation is described in detail below with reference to Fig. 12.
Fig. 12 shows a flowchart of the steps of a decrypted original log sending method according to an embodiment of the present application. As shown in Fig. 12, the decrypted original log sending method may include step 1201 and step 1202.
Step 1201: Decrypt the target original log information based on a decryption key of the first encryption algorithm to obtain decrypted original log information.
In this embodiment, after the distributed storage system finds the target original log information by query, the target original log information may be decrypted based on the decryption key of the first encryption algorithm to obtain the decrypted original log information.
After the target original log information is decrypted based on the decryption key of the first encryption algorithm to obtain the decrypted original log information, step 1202 is performed.
Step 1202: Send the decrypted original log information to the user.
After the target original log information is decrypted based on the decryption key of the first encryption algorithm to obtain the decrypted original log information, the decrypted original log information may be sent to the user.
In this example, the user sends a mnemonic (i.e., the first decryption key in this example) and the digital signature to the blockchain for identity verification; after the digital identity contract completes the verification, the user may run a simple query or a multi-condition advanced query on the log information already stored on the blockchain, based on keywords such as the log event type code, the point in time and the log generation device.
In the log storage method of the distributed log storage system provided by this embodiment of the application, the target BMC in the distributed storage system is invoked to store the locally generated original log information in a distributed storage node. The target BMC is invoked to process the original log information and generate the corresponding log summary information. The log summary information is stored within a data block in the blockchain. In this embodiment, each BMC is used as a distributed storage node by making use of the BMC's own storage space and its external expansion space. This balances the log storage pressure on any single BMC, overcomes the defects of the prior art, and allows logs to be stored more persistently. At the same time, the log summary data is extracted from the original log data and uploaded to the blockchain under several encryption measures, so that the blockchain can be used to verify that the log information has not been tampered with. Combining the blockchain with the distributed storage structure increases the retrievability and accessibility of the logs.
Fig. 15 shows a schematic structural diagram of a log storage device of a distributed log storage system according to an embodiment of the present application, where the distributed log storage system includes a blockchain and a distributed storage system comprising a plurality of BMCs serving as distributed storage nodes. As shown in Fig. 15, the log storage device 1500 of the distributed log storage system may include the following modules:
an original log storage module 1510, configured to invoke a target BMC in the distributed storage system to store locally generated original log information in the distributed storage node;
a log summary generating module 1520, configured to invoke the target BMC to process the original log information, and generate log summary information corresponding to the original log information;
a log summary storage module 1530, configured to store the log summary information in a data block in the blockchain.
Optionally, the original log storage module includes:
an encrypted log generation unit, configured to invoke the target BMC to encrypt the original log information based on a first encryption algorithm to generate encrypted log information;
an encrypted log storage unit, configured to store the encrypted log information in the distributed storage node.
Optionally, the encrypted log storage unit includes:
a storage condition determining subunit, configured to determine whether a local storage space of the target BMC meets a storage condition of the encrypted log information;
a first log storage subunit, configured to store the encrypted log information in the local storage space in response to the local storage space meeting the storage condition of the encrypted log information;
a second log storage subunit, configured to, in response to the local storage space not meeting the storage condition of the encrypted log information, send the encrypted log information and the digital signature information of the target BMC to a first BMC of the distributed storage system, so that the first BMC verifies the digital signature information and, after the verification is completed, stores the encrypted log information in the storage space of the first BMC.
Optionally, the second log storage subunit includes:
a first BMC searching subunit, configured to invoke the target BMC to search for the first BMC in the distributed storage system using a device discovery protocol;
an encrypted log sending subunit, configured to send the encrypted log information and the digital signature information of the target BMC to the first BMC.
Optionally, the log summary generating module includes:
a digital signature acquisition unit, configured to invoke the target BMC to obtain the log hash value and the log event type code of the original log information and the digital signature information of the target BMC;
a log summary generating unit, configured to generate the log summary information based on the log hash value, the log event type code and the digital signature information.
Optionally, the digital signature acquisition unit includes:
a log hash value acquisition subunit, configured to invoke the target BMC to hash the original log information with a hash algorithm to obtain the log hash value of the original log information.
Optionally, the log summary storage module includes:
a decryption key acquisition unit, configured to obtain a decryption key of the first encryption algorithm;
a log summary storage unit, configured to store the log summary information and the decryption key in a data block of the blockchain.
Optionally, the log summary storage unit includes:
an encrypted summary decryption subunit, configured to decrypt the encrypted log summary based on a target decryption key corresponding to the second encryption algorithm to obtain the log summary information, the decryption key of the first encryption algorithm and the BMC information of the target BMC;
a log summary parsing subunit, configured to parse the log summary information to obtain the digital signature information of the target BMC;
an identity verification subunit, configured to verify the identity of the target BMC based on the BMC information and the digital signature information;
a log summary storage subunit, configured to, after the verification succeeds, store the log summary information, the decryption key and the BMC information of the target BMC in the block body of the data block, and store the timestamp information of the data block in the block header of the data block.
Optionally, the apparatus further comprises:
a keyword acquisition module, configured to parse the received log query request of the user to obtain log query keywords;
a target summary query module, configured to query to obtain the target log summary information corresponding to the log query keywords;
a target original log sending module, configured to query to obtain the target original log information corresponding to the target log summary information and send the target original log information to the user.
Optionally, the keyword acquisition module includes:
a query request acquisition unit, configured to obtain the log query request and the first decryption key sent by the user;
a keyword acquisition unit, configured to decrypt the log query request based on the first decryption key to obtain the log query keyword and the user digital signature of the user.
Optionally, the target summary query module includes:
a user identity verification unit, configured to verify the identity of the user based on the user digital signature;
a target summary query unit, configured to query to obtain the target log summary information corresponding to the log query keywords after the identity verification is passed.
Optionally, the target original log sending module includes:
a decrypted log information acquisition unit, configured to decrypt the target original log information based on a decryption key of the first encryption algorithm to obtain decrypted original log information;
a decrypted log information sending unit, configured to send the decrypted original log information to the user.
According to the log storage device of the distributed log storage system, the original log information generated locally is stored in the distributed storage nodes by calling the target BMC in the distributed storage system. And calling the target BMC to process the original log information and generating log abstract information corresponding to the original log information. Log summary information is stored within data blocks in a blockchain. According to the embodiment of the application, the BMC is used as a node of distributed storage by utilizing the self storage space and the external expansion space of the BMC. The log storage pressure of a single BMC can be balanced, the defects of the prior art are overcome, and the log is stored more permanently. Meanwhile, the log abstract data is extracted from the log original data, and is uploaded to the blockchain through various encryption measures, so that the blockchain can verify that the log information is not tampered. The blockchain is combined with a distributed storage structure to increase retrievability and accessibility of the log.
Additionally, an embodiment of the application provides an electronic device comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the computer program, when executed by the processor, implements the log storage method of the distributed log storage system.
Fig. 16 shows a schematic structural diagram of an electronic device 1600 according to an embodiment of the present invention. As shown in Fig. 16, the electronic device 1600 includes a central processing unit (CPU) 1601 that may perform various suitable actions and processes in accordance with computer program instructions stored in a read-only memory (ROM) 1602 or loaded from a storage unit 1608 into a random access memory (RAM) 1603. The RAM 1603 may also store various programs and data required for the operation of the electronic device 1600. The CPU 1601, ROM 1602, and RAM 1603 are connected to each other by a bus 1604. An input/output (I/O) interface 1605 is also connected to the bus 1604.
Various components in electronic device 1600 are connected to I/O interface 1605, including: an input unit 1606 such as a keyboard, mouse, microphone, etc.; an output unit 1607 such as various types of displays, speakers, and the like; a storage unit 1608, such as a magnetic disk, an optical disk, or the like; and a communication unit 1609, such as a network card, modem, wireless communication transceiver, or the like. The communication unit 1609 allows the electronic device 1600 to exchange information/data with other devices via a computer network, such as the internet, and/or various telecommunications networks.
The respective procedures and processes described above may be executed by the processing unit 1601. For example, the method of any of the embodiments described above may be implemented as a computer software program tangibly embodied on a computer-readable medium, such as the storage unit 1608. In some embodiments, some or all of the computer programs may be loaded and/or installed onto the electronic device 1600 via the ROM 1602 and/or the communication unit 1609. When the computer program is loaded into the RAM 1603 and executed by the CPU 1601, one or more acts of the methods described above may be performed.
An embodiment of the application also provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements each process of the above log storage method embodiment of the distributed log storage system and achieves the same technical effect; to avoid repetition, the details are not described again here. The computer-readable storage medium is selected from a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disk.
The foregoing is merely specific embodiments of the present application, but the scope of the present application is not limited thereto. Any changes or substitutions that a person skilled in the art can readily conceive of within the technical scope of the present application are intended to be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (14)

1. A log storage method of a distributed log storage system, the distributed log storage system comprising a plurality of distributed storage systems and blockchains taking BMCs as distributed storage nodes, wherein firmware supporting the blockchain function is built into each BMC and digital signature information of each BMC is built into the corresponding firmware, the method comprising:
invoking a target BMC in the distributed storage system to store locally generated original log information in the distributed storage node;
invoking the target BMC to process the original log information and generating log abstract information corresponding to the original log information;
storing the log summary information within a data block in the blockchain;
wherein the invoking the target BMC to process the original log information and generating log abstract information corresponding to the original log information comprises:
invoking the target BMC to acquire a log hash value and a log event type code of the original log information and digital signature information of the target BMC;
and generating the log abstract information based on the log hash value, the log event type code and the digital signature information.
2. The method of claim 1, wherein the invoking the target BMC within the distributed storage system to store locally generated raw log information at the distributed storage node comprises:
invoking the target BMC to encrypt the original log information based on a first encryption algorithm to generate encrypted log information;
and storing the encrypted log information in the distributed storage node.
3. The method of claim 2, wherein storing the encrypted log information at the distributed storage node comprises:
determining whether the local storage space of the target BMC meets the storage condition of the encrypted log information;
storing the encrypted log information in the local storage space in response to the local storage space meeting the storage condition of the encrypted log information;
and transmitting the encrypted log information and the digital signature information of the target BMC to a first BMC of the distributed storage system in response to the local storage space not meeting the storage condition of the encrypted log information, so that the first BMC can verify the digital signature information, and after the verification is completed, storing the encrypted log information in the storage space of the first BMC.
4. The method of claim 3, wherein the sending the encrypted log information and the digital signature information of the target BMC to the first BMC of the distributed storage system comprises:
invoking the target BMC to search a first BMC in the distributed storage system by adopting a device discovery protocol;
and sending the encrypted log information and the digital signature information of the target BMC to the first BMC.
5. The method of claim 4, wherein the invoking the target BMC to obtain the log hash value of the original log information comprises:
and calling the target BMC to perform hash calculation on the original log information by adopting a hash algorithm to obtain a log hash value of the original log information.
6. The method of claim 2, wherein storing the log summary information within a data block in the blockchain comprises:
obtaining a decryption key of the first encryption algorithm;
the log summary information and the decryption key are stored within a data block of the blockchain.
7. The method of claim 6, wherein storing the log summary information and the decryption key within a data block of the blockchain comprises:
decrypting the encrypted log summary based on a target decryption key corresponding to the second encryption algorithm to obtain log summary information, a decryption key of the first encryption algorithm and BMC information of the target BMC; the encrypted log summary is obtained by encrypting the log summary information, a decryption key of a first encryption algorithm and BMC information of the target BMC by adopting a second encryption algorithm;
analyzing to obtain digital signature information of the target BMC in the log abstract information;
based on the BMC information and the digital signature information, performing identity verification on the target BMC;
after verification is successful, the log summary information, the decryption key and the BMC information of the target BMC are stored in a block body of the data block, and the timestamp information of the data block is stored in a block head of the data block.
8. The method of claim 1, further comprising, after said storing said log summary information within a data block in said blockchain:
analyzing the received log query request of the user to obtain a log query keyword;
inquiring to obtain target log abstract information corresponding to the log inquiry keywords;
inquiring to obtain target original log information corresponding to the target log abstract information, and sending the target original log information to the user.
9. The method of claim 8, wherein the parsing the received log query request of the user to obtain the log query keyword comprises:
acquiring the log query request and a first decryption key sent by the user;
and decrypting the log query request based on the first decryption key to obtain the log query keyword and the user digital signature of the user.
10. The method of claim 9, wherein the querying obtains target log summary information corresponding to the log query keywords, comprising:
authenticating the user based on the user digital signature;
and after the identity verification is passed, inquiring to obtain target log abstract information corresponding to the log inquiry keywords.
11. The method of claim 8, wherein the sending the target raw log information to the user comprises:
decrypting the target original log information based on a decryption key of the first encryption algorithm to obtain decrypted original log information;
and sending the decrypted original log information to the user.
12. A log storage device of a distributed log storage system, the distributed log storage system comprising a plurality of distributed storage systems and blockchains taking BMCs as distributed storage nodes, wherein firmware supporting the blockchain function is built into each BMC and digital signature information of each BMC is built into the corresponding firmware, the device comprising:
the original log storage module is used for calling a target BMC in the distributed storage system to store the locally generated original log information in the distributed storage node;
the log abstract generation module is used for calling the target BMC to process the original log information and generating log abstract information corresponding to the original log information;
the log abstract storage module is used for storing the log abstract information in a data block in the block chain;
the log abstract generating module comprises:
the digital signature acquisition unit is used for calling the target BMC to acquire the log hash value and the log event type code of the original log information and the digital signature information of the target BMC;
and the log digest generating unit is used for generating the log digest information based on the log hash value, the log event type code and the digital signature information.
13. An electronic device, comprising:
a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the computer program, when executed by the processor, implements the log storage method of the distributed log storage system of any of claims 1 to 11.
14. A readable storage medium, characterized in that instructions in the storage medium, when executed by a processor of an electronic device, enable the electronic device to perform the log storage method of the distributed log storage system of any one of claims 1 to 11.
CN202311473894.1A 2023-11-07 2023-11-07 Log storage method, device, equipment and medium of distributed log storage system Active CN117194334B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311473894.1A CN117194334B (en) 2023-11-07 2023-11-07 Log storage method, device, equipment and medium of distributed log storage system

Publications (2)

Publication Number Publication Date
CN117194334A CN117194334A (en) 2023-12-08
CN117194334B true CN117194334B (en) 2024-02-09

Family

ID=88989108

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311473894.1A Active CN117194334B (en) 2023-11-07 2023-11-07 Log storage method, device, equipment and medium of distributed log storage system

Country Status (1)

Country Link
CN (1) CN117194334B (en)

Also Published As

Publication number Publication date
CN117194334A (en) 2023-12-08

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant