CN101453378A - Method and system for log dump and audit

Publication number: CN101453378A
Authority: China (CN)
Legal status: Granted
Application number: CNA2008102475508A
Other languages: Chinese (zh)
Other versions: CN101453378B (en)
Inventors: 钟果, 杨静涛
Current assignee: New H3C Technologies Co Ltd
Original assignee: Hangzhou H3C Technologies Co Ltd

Abstract

The invention discloses a method and a system for dumping and auditing logs that are highly general and extensible. The method comprises: establishing a configuration file that records the names of the log types to be dumped, the fields to be dumped for each log type, and the display name of each field to be dumped; when dumping logs, looking up, according to the configuration file, the log tables that match each log type to be dumped, and storing the fields to be dumped from the found log tables into log files; and when auditing logs, looking up the log files that match the audit conditions, and parsing and displaying the found log files according to the configuration file.

Description

Method and system for log dump and audit
Technical field
The present invention relates to network log processing technology, and in particular to a method and system for log dump and audit.
Background
At present, enterprises usually provide network access for their employees. To ensure that the enterprise's Internet resources are used reasonably and to prevent company information from leaking, employees' online behavior is usually recorded in network logs. By auditing the network logs, one can learn whether employees are abusing enterprise network resources, what employees have used the network for, and how employees access the network and public servers.
Network logs are kept in a log database. The capacity of the log database is limited, but network logs are massive, so the logs need to be dumped regularly to preserve the Internet access records. A log dump exports logs from the log database and saves them in log files. Existing dump operations generally depend on the export function of the log database.
After logs are dumped, a method for auditing the dumped logs is needed so that network administrators can view the log content. Log audit means displaying the content of log files. Existing audit operations work in one of two ways: either the dumped log files are imported back into the log database through its import function and displayed through the log database's own software interface, or a dedicated file audit tool parses and displays the log file content directly.
However, existing log dump and audit schemes have the following defects:
First, different types of logs are kept in different log tables. To export logs of types A, B and C, an export function must be set up for each of these three types. Setting up an export function is done by programming the system; when programming is finished the code must be recompiled, and only after successful compilation does the log database support exporting logs of types A, B and C. When a new log type is needed, a corresponding export function must be added for it and the code compiled again; only after successful compilation does the log database support exporting the new log type. Likewise, when the log database is used to audit exported log files, an import function must be set up for each log type. If a dedicated file audit tool is used to audit the log files, an import function must also be set up for each log type, and in addition the field names used in the log database must be resolved to display names. For example, the database field name "start_time" is resolved to "start time", and each field is then shown under its display name; otherwise the auditor cannot understand the displayed log file.
Thus, whether the log database is used for dump and audit or a file audit tool is used for audit, adding a log type requires developing export and audit functions for the new type in order to adapt to it. The generality and extensibility of existing log dump and audit schemes are therefore unsatisfactory.
Second, each type of log is usually dumped into a single log file, so log files can become huge. Importing such a large file directly with the log database or a file audit tool is slow, takes a long time, consumes a lot of system resources, and has a high probability of errors during import.
Summary of the invention
In view of this, the invention provides a log dump and audit method that solves the problem of adapting dump and audit to log types, and overcomes the poor generality and extensibility of prior-art log dump and audit schemes.
The method comprises:
establishing a configuration file, and recording in it the names of the log types to be dumped, the fields to be dumped for each log type, and the display name of each field to be dumped;
when dumping logs, looking up, according to the log types and fields to be dumped recorded in the configuration file, the log tables that match each log type to be dumped, and saving the fields to be dumped from the found log tables into log files;
when auditing logs, looking up the log files that match the audit conditions, and parsing and displaying the found log files according to the display names recorded in the configuration file.
Preferably, the method further comprises: when adding a log type, adding the name of the new log type, its fields to be dumped, and the display names of those fields to the configuration file;
when deleting a log type, deleting the name of that log type, its fields to be dumped, and the display names of those fields from the configuration file.
Preferably, the method further comprises: registering the configuration file, and performing the dump and audit operations using the content of the registered configuration file.
The log tables are hourly log tables, each of which stores the logs within a preset length of time;
Looking up the log tables that match the log types to be dumped, according to the log types and fields to be dumped recorded in the configuration file, comprises: processing the log types to be dumped in the configuration file one by one; and, when processing the current log type to be dumped, looking up each hourly log table that matches it.
Looking up each hourly log table that matches the current log type to be dumped means: setting the time range of the logs to be dumped, and looking up, among the hourly log tables within this time range, those that match the current log type to be dumped; or looking up, among the hourly log tables of the previous day, those that match the current log type to be dumped.
Preferably, a capacity limit is preset for log files;
The step of saving the fields to be dumped from the found log tables into log files comprises:
according to the capacity limit of a log file, dumping the logs in a log table into one or more log files, and establishing a first association between the name of each log file and the log type and log time of the logs it stores.
Presetting the capacity limit of log files comprises: setting a dump time span and/or a maximum number of log entries for a log file;
when the logs in a log table are dumped into log files according to the dump time span, each log file stores at most the logs within the preset dump time span;
when the logs in a log table are dumped into log files according to the maximum number of log entries, the number of log entries each log file stores is less than or equal to that maximum;
when the logs in a log table are dumped into log files according to both the dump time span and the maximum number of log entries, each log file stores at most the logs within the preset dump time span, and when the number of logs within the preset dump time span exceeds the maximum log capacity, the logs within that dump time span are dumped into multiple log files according to the maximum log capacity.
Preferably, establishing the first association between the name of a log file and the log type and log time of the logs it stores is:
setting the name of the log file to include the log type and time range of the logs it stores, and at the same time recording the mapping between the name of the log file and the start time of the first log in that file.
When auditing logs, looking up the log files that match the audit conditions and parsing and displaying the found log files according to the display names recorded in the configuration file comprises:
c1. according to the first association, looking up the log files that match the log type to be audited and the time range to be audited in the audit conditions;
c2. obtaining logs from each log file found;
c3. obtaining the display names corresponding to the log type to be audited, dynamically generating an audit frame containing the obtained display names, and displaying the logs obtained in step c2 in the generated audit frame.
Preferably, the audit conditions further include a maximum number of entries to query;
Step c2 comprises: obtaining logs from each log file found, according to the maximum number of entries to query in the audit conditions; when the number of logs obtained reaches the maximum number of entries to query, stopping the retrieval and recording the position of the last log obtained;
After step c3, the method further comprises: when a continue-audit command is received, returning to step c2 and, when performing step c2, starting retrieval from the position of the last log obtained.
Preferably, the step of saving the fields to be dumped from the found log tables into log files further comprises:
after the logs in the log tables are saved into log files, packing the log files of each unit of time, the unit being a preset length of time, into a compressed package;
for each compressed package, obtaining the display names corresponding to the log type of the logs stored in the package, writing the obtained display names and the first association of each log file in the package to an index file, and adding the index file to the compressed package; and establishing a second association between the name of the compressed package and the log type and log time of the logs it stores;
Step c1 then comprises:
according to the second association, looking up the compressed packages that match the log type to be audited and the time range to be audited in the audit conditions;
according to the first association recorded in the index file inside each compressed package, looking up, within the package, the log files that match the time range to be audited in the audit conditions.
After step c1 and before step c2, the method further comprises: sorting the found log files by time.
Preferably, the log dump operation is triggered on a timer.
The invention also provides a log dump and audit system that solves the problem of adapting dump and audit to log types, and overcomes the poor generality and extensibility of prior-art log dump and audit schemes.
The system comprises a configuration file storage unit, a dump unit, an audit unit and a log file storage unit;
The configuration file storage unit is used to read a configuration file from outside and store it; the configuration file records the names of the log types to be dumped, the fields to be dumped for each log type, and the display name of each field to be dumped;
The dump unit is used, when dumping logs, to read the configuration file from the configuration file storage unit; to look up, according to the log types and fields to be dumped recorded in the configuration file read, the log tables that match each log type to be dumped; to save the fields to be dumped from the found log tables into log files; and to store the log files in the log file storage unit;
The audit unit is used, when auditing logs, to look up in the log file storage unit the log files that match the audit conditions, and to parse and display the found log files according to the display names recorded in the configuration file;
The log file storage unit is used to store log files.
Preferably, the configuration file storage unit is further used, on receiving a registration command for a new log type, to read from outside and store the name of the new log type, its fields to be dumped, and the display names of those fields;
and, on receiving a delete command for an existing log type, to delete from this unit the name of the log type to be deleted, its fields to be dumped, and the display names of those fields.
The dump unit comprises a log table lookup module, a log dump module and an association module;
The log table lookup module is used, when dumping logs, to read the configuration file from the configuration file storage unit and to look up, according to the log types and fields to be dumped recorded in the configuration file read, the log tables that match each log type to be dumped;
The log dump module is used to dump the log tables found by the log table lookup module; during dumping, according to the capacity limit of a log file, it dumps the logs in a log table into one or more log files and stores the resulting log files in the log file storage unit;
The association module is used, after the log dump module has dumped logs into log files, to establish the first association between the name of each log file obtained by the dump and the log type and log time of the logs it stores, and to store this first association in the log file storage unit.
The capacity limit of a log file is implemented by setting a dump time span and/or a maximum number of log entries for a log file;
The log dump module is further used so that: when dumping by dump time span, each log file stores at most the logs within the preset dump time span; when dumping by maximum number of log entries, the number of log entries each log file stores is less than or equal to that maximum; and when dumping by both dump time span and maximum number of log entries, each log file stores at most the logs within the preset dump time span, and when the number of logs within the preset dump time span exceeds the maximum log capacity, the logs within that dump time span are dumped into multiple log files according to the maximum log capacity.
The association module names the log files obtained by the dump: the name of a log file includes the log type and time range of the logs it stores, and the module also records the mapping between the name of the log file and the start time of the first log in that file.
The audit unit comprises a log lookup module and an audit display module;
The log lookup module is used to look up in the log file storage unit, according to the first association, the log files that match the log type to be audited and the time range to be audited in the audit conditions, and to obtain logs from each log file found;
The audit display module is used to obtain the display names corresponding to the log type to be audited, dynamically generate an audit frame containing the obtained display names, and display the logs obtained by the log lookup module in the generated audit frame.
Preferably, the dump unit further comprises a compression module, which is connected to the log dump module, the association module and the configuration file storage unit;
The compression module is used to receive the log files obtained by the log dump module and pack the log files of each unit of time, the unit being a preset length of time, into a compressed package; for each compressed package, to obtain from the association module the first association of each log file in the package, obtain from the configuration file storage unit the display names corresponding to the log type of the logs stored in the package, write the first associations and the obtained display names to an index file, and add the index file to the compressed package; and to establish the second association between the name of the compressed package and the log type and log time of the logs it stores;
The log lookup module is further used to look up in the log file storage unit, according to the second association, the compressed packages that match the log type to be audited and the time range to be audited in the audit conditions; and, according to the first association recorded in the index file inside each compressed package, to look up within the package the log files that match the time range to be audited in the audit conditions.
As the above technical solution shows, the invention overcomes the poor generality and extensibility of the prior art. Specifically, it has the following beneficial effects:
First, the invention uses a configuration file to record the names of the log types to be dumped, the fields to be dumped for each log type, and the display name of each field to be dumped; the system only needs to read the configuration file and perform the log dump operation according to it. When a new log type is needed, it only has to be added to the configuration file for the new logs to be dumped and audited. The invention thus fully decouples log dump and audit from log types: unlike the prior art, no adaptation work on the log database or a dedicated file audit tool is needed, which overcomes the weak generality and extensibility of prior-art log dump and audit schemes.
Second, when logs are dumped into log files, the logs in a log table are dumped into one or more log files according to the capacity limit of a log file. This avoids producing very large log files and makes the log files easier to read during audit.
Furthermore, the invention associates the name of each log file with the log type and log time of that file, for example by establishing a mapping. When searching the many log files for those that match the audit conditions, the search can therefore be carried out quickly and in a targeted way using the association, which shortens search time, improves search efficiency, and so improves audit efficiency.
In addition, the invention compresses log files for storage, which saves storage space and keeps log files from being scattered. During compression, the above association and the display names corresponding to the log type of the compressed log files are also stored in the compressed package. As long as the compressed package exists, the audit unit can generate the audit interface anywhere without being tied to the existing system, which greatly improves the flexibility of log audit.
Description of drawings
Fig. 1 is a flowchart of log dump in an embodiment of the invention.
Fig. 2 is a flowchart of log audit in an embodiment of the invention.
Fig. 3 is a schematic diagram of the audit interface in an embodiment of the invention.
Fig. 4 is a structural diagram of the log dump and audit system in an embodiment of the invention.
Fig. 5 is a structural diagram of the dump unit in Fig. 4.
Fig. 6 is a structural diagram of the audit unit in Fig. 4.
Embodiment
The invention is a scheme for log dump and audit. Its basic idea is: establish a configuration file and record in it the names of the log types to be dumped, the fields to be dumped for each log type, and the display name of each field to be dumped. A field to be dumped is a field name used in the log database, for example start_time; a display name is the field name shown in the audit interface, for example "start time" for start_time.
When dumping logs, the log tables that match each log type to be dumped are looked up according to the log types and fields to be dumped recorded in the configuration file, and the fields to be dumped from the found log tables are saved into log files.
When auditing logs, the log files that match the audit conditions are looked up, and the found log files are parsed and displayed according to the display names recorded in the configuration file. The parsing operation resolves the dumped fields in the log file to their display names.
The invention thus fully decouples log dump and audit from log types. When a new log type is needed, it only has to be added to the configuration file for the new log type to be dumped and audited; no adaptation work on the log database or a dedicated file audit tool is needed, which overcomes the weak generality and extensibility of the prior art.
The invention is described below with reference to the accompanying drawings and embodiments.
First, the configuration file that records the log types to be dumped, the fields to be dumped and the display names is described in detail. In this embodiment the configuration file is called the log type specification table, or specification table for short.
The specification table introduced by the invention records the information relevant to log dump and audit in a general format, including the log type, the storage field names of the log fields in the log database, and the display names of the log fields in the audit interface. Storage field names and display names correspond one to one.
The format of the log type specification table is defined as follows:
[LogType1]
    [LogTypeName]
    [DbFieldNames]
        [FieldName1]
        [FieldName2]
        ……
        [FieldNameN]
    [GuiFieldNames]
        [FieldName1]
        [FieldName2]
        ……
        [FieldNameN]
……
[LogTypeN]
    ……
Here, LogType1 denotes the first log type and [LogTypeN] the Nth log type. LogTypeName denotes the log type name of each log type; the log type name is the unique identifier of a log type. DbFieldNames denotes the fields to be dumped, whose names are the storage field names of the log fields in the database. GuiFieldNames denotes the display names of the fields to be dumped, that is, the display names of the log fields in the audit interface, which are the names of the interface elements the log audit interface finally shows. FieldNameN denotes the specific content of a storage field name or display name.
When a log type is added, the name of the new log type, its fields to be dumped, and the display names of those fields only need to be added to the specification table in the specification table format. For example, to add the network traffic log NetStreamV5, one only needs to determine the fields to be dumped from the NetStreamV5 log and their display names, and then configure them according to the specification table.
Suppose the NetStreamV5 log in the log database has the log fields start_time, end_time, src_ip, dest_ip, src_port, dest_port, prot, tos, app_name and dev_ip. The field tos has no significance for audit and need not be dumped, so it is left out when the specification table is configured. Only start_time, end_time, src_ip, dest_ip, src_port, dest_port, prot, app_name and dev_ip are then configured as fields to be dumped. At the same time, audit results cannot be shown directly under database field names; their practical meaning should be presented. The specification table therefore also configures the display name of each field to be dumped. The display names of the above fields are, respectively: start time, end time, source IP, destination IP, source port, destination port, protocol, application and device IP.
According to the specification table format, the following configuration is added for the NetStreamV5 log:
[LogType]
    [NetStreamV5]
    [DbFieldNames]
        [start_time]
        [end_time]
        [src_ip]
        ……
        [dev_ip]
    [GuiFieldNames]
        [start time]
        [end time]
        [source IP]
        ……
        [device IP]
With the specification table, the network administrator only has to configure the fields of interest rather than handle all fields in the log database, which makes dump and audit more flexible. In practice the specification table can take various concrete forms, for example an XML configuration file as its carrier. An example of a specification table expressed as an XML configuration file follows:
<LogType>
    <LogTypeName>NetStreamV5</LogTypeName>
    <DbFieldNames>
        <Item>start_time</Item>
        <Item>end_time</Item>
        <Item>src_ip</Item>
        <Item>dev_ip</Item>
    </DbFieldNames>
    <GuiFieldNames>
        <Item>start time</Item>
        <Item>end time</Item>
        <Item>source IP</Item>
        <Item>device IP</Item>
    </GuiFieldNames>
</LogType>
After the specification table has been configured, it must be registered in the system that implements the log dump and audit scheme of the invention, here called the log dump and audit system, so that the system performs dump and audit operations according to the registered configuration file content. Registration means importing the content of the specification table into the system and storing it. When the specification table is registered, its configured content must conform to the predetermined format; otherwise registration fails.
To deregister a registered log type, the name of the log type to be deleted, LogTypeName, is used as the index to find that log type in the registered specification table, and the name of the log type, its fields to be dumped, and the display names of those fields are deleted.
Once the specification table is registered, the system can perform dump and audit operations according to it. Dump and audit are described in turn below.
Fig. 1 is the process chart of journal dump in the embodiment of the invention.As shown in Figure 1, this flow process may further comprise the steps:
Step 101: when triggering dump operation, read the specification sheet of registration, one by one each Log Types in the specification sheet is handled.
Step 102: the configuration of from specification sheet, reading a kind of Log Types that is untreated.Reading of content comprises Log Types title LogTypeName, treats information such as dump field name DbFieldNames and display Name GuiFieldNames.
Wherein, dump operation can trigger by timed task, also can manual triggers.
Step 103: Using the log type name LogTypeName that was read, search the log database for log tables matching that name. A log table's name is usually bound to its log type, so the log type can be read directly from the table name.
Log dump is usually performed once a day and dumps the logs of the previous day, so the lookup searches the previous day's log tables for those matching the log type name that was read. In practice, the time range of the logs to be dumped can also be set in advance, and the lookup then searches the hourly log tables within that time range for those matching the log type name that was read.
In this embodiment, to avoid forming oversized log tables, logs are stored by the hour when log tables are generated, producing hourly log tables. The name of each hourly log table is bound to the log type and the log time, so the table name reflects the type and time of the logs it stores. For example, an hourly log table named netstreamv5_08092218 stores the logs of the hour 2008-09-22 18:00:00~18:59:59.
In this step, suppose the previous day's logs are dumped in the early morning of 2008-09-23 and log type NetStreamV5 is processed first. The log database is searched by the log type name NetStreamV5 for hourly log tables whose names match NetStreamV5, and 24 hourly log tables are found.
Step 104: Obtain the names of the fields to be dumped that correspond to the log type name that was read and, for each log table found in step 103, save the contents of the fields in the log table that match those field names to a log file. To distinguish the different log files dumped from the same log table, the name of each log file obtained by the dump is associated with the log type and log time of the logs it stores.
Suppose NetStreamV5 logs are stored in this step; according to the configuration file, the fields start_time, end_time, src_ip, dest_ip, src_port, dest_port, prot, app_name and dev_ip need to be dumped.
Step 105: Determine whether all log types in the configuration file have been processed. If so, end the flow; otherwise, return to step 102.
This completes the flow.
Generally speaking, network logs are massive in volume, and the number of logs in one hour often reaches ten million. To avoid dumping into oversized log files, which would degrade dump performance and query performance during audit, when logs are dumped to log files in step 104 this embodiment dumps the logs in a log table into multiple log files according to a capacity limit on log files. The capacity limit can be implemented by setting a dump time span and/or a maximum number of log entries for a log file. Specifically:
When dumping by dump time span, each log file may store at most the logs within the preset dump time span. For example, if the dump time span is set to 10 minutes, a log file holds at most 10 minutes of logs. The value of the dump time span is determined in advance according to network traffic.
When dumping by maximum number of log entries, the number of log entries each log file may store is less than or equal to that maximum. For example, if the maximum number of log entries is set to 500,000, a log file holds at most 500,000 logs.
When dumping by both dump time span and maximum number of log entries, each log file may store at most the logs within the preset dump time span. When the number of logs within the preset dump time span exceeds the maximum log capacity, the number of log files required is determined from the number of logs in that dump time span and the maximum log capacity, and the logs in that dump time span are dumped into the multiple log files so determined. More specifically, this can be implemented as follows: first determine the current time period to be dumped according to the dump time span, for example 2008-09-22 18:10:00~2008-09-22 18:19:59; in the log table corresponding to the current time period (netstreamv5_08092218), query by the start-time field the total number of logs in the current time period; determine the number of log files required from that total and the maximum log capacity; then dump the logs found into the log files in time order.
For example, suppose the dump time span is set to 10 minutes, the maximum log capacity is 500,000, and the logs of the period 2008-09-22 18:10:00~2008-09-22 18:19:59 are currently being dumped. The log table named netstreamv5_08092218 is then searched by the start-time (start_time) field for logs within the period 2008-09-22 18:10:00~2008-09-22 18:19:59. Suppose 700,000 matching logs are found. This exceeds 500,000, so 2 log files are needed to store these logs. Using the export tool provided by the database, the first 500,000 logs in time order are exported to the first log file and the remaining 200,000 logs are exported to the second log file. Both log files correspond to the period 2008-09-22 18:10:00~2008-09-22 18:19:59.
After the logs have been exported to a log file, the log file name is associated with the log type and the log time. The manner of association is not limited. For example, the log type and log time can be reflected in the log file name; or a mapping between the log file name and the log type and log time can be established and recorded; or the log type can be reflected in the log file name and a mapping between the log file name and the log time established. The log time can be the time range covered by the logs in the log file, or the start-time field of the first log in the log file.
Alternatively, the name of the log file can include the log type and time range of the logs it stores, while the mapping between the log file name and the start time of the first log in that file is also recorded. This manner of association is illustrated with a practical example below.
Suppose the 700,000 NetStreamV5 logs of the period 2008-09-22 18:10:00~2008-09-22 18:19:59 are saved to two log files, named netstreamv5_0809221810_1 and netstreamv5_0809221810_2 respectively. The name netstreamv5_0809221810_1 indicates that the log type of the logs stored in the file is NetStreamV5, that the log time falls within 2008-09-22 18:10:00~18:19:59, and that this is the first file for the period 2008-09-22 18:10:00~18:19:59. At the same time, the mapping between each log file name and the start time of the first log in that file is established and recorded in the mapping table Time-File. Suppose the start-time fields of the first records in netstreamv5_0809221810_1 and netstreamv5_0809221810_2 are 2008-09-22 18:10:00 and 2008-09-22 18:17:53 respectively; the records of the mapping table Time-File are then as follows:
netstreamv5_0809221810_1:2008-09-22 18:10:00
netstreamv5_0809221810_2:2008-09-22 18:17:53
In practice, the other manner of association described above can also be used to name the two log files that correspond to the same time period, using the start time of the first log in each file as part of the file name, for example netstreamv5_080922181000 and netstreamv5_080922181753.
As can be seen, when logs are dumped to log files, limiting the capacity of each log file avoids producing oversized log files and makes the files easier to read during log audit. The invention associates the name of each log file with the log type and log time of the logs it stores, for example by establishing mapping relations. When log files matching the audit condition later have to be found among a large number of log files, the lookup can be carried out quickly and in a targeted way using this association, which shortens lookup time, improves lookup efficiency, and in turn improves audit efficiency.
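The splitting and naming rule described above, as an added Python example that is not code from the patent. It assumes the dump time span divides an hour evenly and represents each log only by its start_time; the function names and the constructed 700,000-entry sample (distributed so that entry 500,001 falls at 18:17:53) are hypothetical.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from math import ceil

def hourly_table(log_type, ts):
    """Name of the hourly log table holding ts, e.g. netstreamv5_08092218."""
    return f"{log_type.lower()}_{ts:%y%m%d%H}"

def window_start(ts, span_minutes):
    """Floor ts to the start of its dump time span (span must divide 60)."""
    return ts.replace(minute=ts.minute - ts.minute % span_minutes,
                      second=0, microsecond=0)

def plan_dump(log_type, start_times, span_minutes=10, max_entries=500_000):
    """Split logs into files limited by time span AND entry count.

    Returns (files, time_file):
      files     maps file name -> start_times it holds, in time order
      time_file maps file name -> start_time of its first entry (Time-File)
    """
    by_window = defaultdict(list)
    for ts in start_times:
        by_window[window_start(ts, span_minutes)].append(ts)

    files, time_file = {}, {}
    for ws in sorted(by_window):
        entries = sorted(by_window[ws])              # dump in time order
        needed = ceil(len(entries) / max_entries)    # files for this span
        for n in range(needed):
            chunk = entries[n * max_entries:(n + 1) * max_entries]
            # type + span start + sequence number within the span
            name = f"{log_type.lower()}_{ws:%y%m%d%H%M}_{n + 1}"
            files[name] = chunk
            time_file[name] = chunk[0]
    return files, time_file

def constructed_sample():
    """Constructed data: 700,000 start times in 18:10:00~18:19:59."""
    base = datetime(2008, 9, 22, 18, 10, 0)
    first = [base + timedelta(seconds=i * 473 // 500_000)
             for i in range(500_000)]                # 18:10:00 .. 18:17:52
    rest = [base + timedelta(seconds=473 + i * 127 // 200_000)
            for i in range(200_000)]                 # 18:17:53 .. 18:19:59
    return first + rest

if __name__ == "__main__":
    files, time_file = plan_dump("NetStreamV5", constructed_sample())
    for name, first_ts in time_file.items():
        print(f"{name}:{first_ts} ({len(files[name])} entries)")
```

Because the file boundary is set by entry count rather than by time, only the recorded first start time tells an auditor where the second file of a span begins.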
After log tables have been dumped to log files, the log files are scattered and occupy a great deal of space, which makes them inconvenient to manage and search. For ease of management, this embodiment takes a preset time length (for example 1 hour) as a unit and packs the log files of each unit of time into a compressed package for storage. For each compressed package, the mapping relations in the mapping table that fall within the packed time range are output to an index file Index, which is added to the compressed package. In addition, to provide display names for the audit interface, the display names corresponding to the log type of the logs stored in the compressed package are obtained, output to the index file as well, and packed into the compressed package. The name of the compressed package is associated with the log type and log time of the logs it stores. For example, a compressed package named netstreamv5_08092218.zip stores the NetStreamV5 logs of the time range 2008-09-22 18:00:00~18:59:59 together with the index file index.
The log audit provided by the invention is performed on files and provides a generic log file audit framework that is decoupled from specific log types. Fig. 2 is a flow chart of log audit in an embodiment of the invention. As shown in Fig. 2, the flow comprises the following steps:
Step 201: Set the audit condition. The audit condition can include the log type to be audited and the time range to be audited, and can also include the fields to be audited, the maximum number of query entries, and so on.
Step 202: Search for the log files that match the log type to be audited and the time range to be audited in the audit condition. So that logs can be displayed in time order for the administrator's convenience, after the log files are obtained they are sorted by time according to the time information contained in their names.
If the log files were compressed for storage during dump, this step specifically comprises:
According to the names of the compressed packages, which include the log type and log time, search for the compressed packages that match the log type to be audited and the time range to be audited, and sort the compressed packages obtained by time.
Process each compressed package one by one. When processing a compressed package, open the index file index in it, obtain the mapping relations in the index file, and from the mapping relations obtain the log files whose log time falls within the time range to be audited. Continue until all compressed packages have been processed.
For example, the audit condition is: the log type to be audited is NetStreamV5, the time range to be audited is 2008-09-22 18:18~19:57, and at most 5000 entries are queried.
In this step, the compressed packages needed are first determined from the log type and time range to be audited to be netstreamv5_08092218.zip and netstreamv5_08092219.zip. Then the index file in the first compressed package netstreamv5_08092218.zip is opened, the file name to time mapping relations in the index file are obtained, and the matching log file obtained from the mapping relations is netstreamv5_0809221810_2. Next, the index file in the second compressed package netstreamv5_08092219.zip is opened, and the matching log file obtained from the mapping relations in the index file is netstreamv5_0809221820_1. Preferably, the log files obtained are also sorted by log time at this point.
Step 203: Obtain logs from each log file found.
If the audit condition sets a maximum number of query entries, this step obtains logs from each log file found according to that maximum. When the number of logs obtained reaches the maximum number of query entries, the obtaining operation stops and the position of the last log obtained is recorded. In this case, step 204 may display only part of the logs, the number displayed being the maximum number of query entries.
When a continue-audit command is subsequently received, logs continue to be obtained starting from the recorded position of the last log obtained.
Step 204: Obtain the display names corresponding to the log type to be audited and dynamically generate an audit framework containing those display names. Using the display names, resolve the stored fields of the logs obtained in step 203 to their corresponding display names and display them in the generated audit framework. The dynamically generated audit framework is shown in Fig. 3.
The audit framework itself is generic, but the content displayed in it is generated dynamically according to the log file contents. In this embodiment, the display names corresponding to the log type to be audited are obtained from the compressed package, so wherever a compressed package exists the audit interface can be generated without any connection to the existing system, which greatly improves the flexibility of log audit. In practice, the display names corresponding to the log type to be audited can also be obtained from the configuration file.
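The audit flow of steps 201 to 204 over compressed packages, as an added Python example that is not code from the patent. The index layout (JSON with display_names and time_file), the one-JSON-object-per-line log format, the function names and the constructed sample packages are all assumptions made for illustration.

```python
import io
import json
import zipfile
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"

def build_package(log_type, hour, files, display_names):
    """Constructed data: zip the log files together with an index file.
    files maps file name -> rows (dicts) already in start_time order."""
    index = {"display_names": display_names,
             "time_file": {n: r[0]["start_time"] for n, r in files.items()}}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("index", json.dumps(index))
        for name, rows in files.items():
            z.writestr(name, "\n".join(json.dumps(r) for r in rows))
    return f"{log_type.lower()}_{hour:%y%m%d%H}.zip", buf.getvalue()

def match_packages(store, log_type, t_from, t_to):
    """Pick packages from their names alone: log type plus covered hour."""
    prefix = log_type.lower() + "_"
    hits = []
    for name in store:
        if name.startswith(prefix) and name.endswith(".zip"):
            hour = datetime.strptime(name[len(prefix):-4], "%y%m%d%H")
            if hour <= t_to and hour + timedelta(hours=1) > t_from:
                hits.append(name)
    return sorted(hits)

def match_files(time_file, t_from, t_to):
    """Use the index mapping (file name -> first start_time) to pick files.
    A file spans from its first entry to the first entry of the next file."""
    ordered = sorted((datetime.strptime(t, FMT), n) for n, t in time_file.items())
    hits = []
    for i, (first, name) in enumerate(ordered):
        nxt = ordered[i + 1][0] if i + 1 < len(ordered) else None
        # >= keeps a file whose last entries share the next file's first time
        if first <= t_to and (nxt is None or nxt >= t_from):
            hits.append(name)
    return hits

def audit(store, log_type, t_from, t_to, max_rows, cursor=None):
    """Return (rows keyed by display name, cursor). cursor is the position of
    the last row returned, or None once the range is exhausted; pass it back
    to continue the audit from there."""
    targets = []
    for pkg in match_packages(store, log_type, t_from, t_to):
        with zipfile.ZipFile(io.BytesIO(store[pkg])) as z:
            index = json.loads(z.read("index"))
        targets += [(pkg, f) for f in match_files(index["time_file"], t_from, t_to)]
    start = targets.index(cursor[:2]) if cursor else 0
    out = []
    for pkg, fname in targets[start:]:
        with zipfile.ZipFile(io.BytesIO(store[pkg])) as z:
            shown = json.loads(z.read("index"))["display_names"]
            lines = z.read(fname).decode().splitlines()
        first = cursor[2] + 1 if cursor and (pkg, fname) == cursor[:2] else 0
        for n in range(first, len(lines)):
            row = json.loads(lines[n])
            if t_from <= datetime.strptime(row["start_time"], FMT) <= t_to:
                out.append({shown[k]: v for k, v in row.items()})
                if len(out) == max_rows:
                    return out, (pkg, fname, n)
    return out, None

def constructed_store():
    """Constructed sample: two hourly packages of NetStreamV5 logs."""
    names = {"start_time": "Start Time", "src_ip": "Source IP"}
    def rows(*times):
        return [{"start_time": f"2008-09-22 {t}", "src_ip": "192.0.2.1"}
                for t in times]
    h18, h19 = datetime(2008, 9, 22, 18), datetime(2008, 9, 22, 19)
    return dict([
        build_package("NetStreamV5", h18, {
            "netstreamv5_0809221810_1": rows("18:10:00", "18:15:00"),
            "netstreamv5_0809221810_2": rows("18:17:53", "18:18:30", "18:19:59"),
        }, names),
        build_package("NetStreamV5", h19, {
            "netstreamv5_0809221900_1": rows("19:00:00", "19:30:00", "19:58:00"),
        }, names),
    ])
```

Entries are read from the archive by member name in memory and nothing is extracted to disk, so file names inside a package are never used as filesystem paths.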
The system that carries out the log dump and audit method of the invention is described below. Fig. 4 is a structural diagram of the log dump and audit system in an embodiment of the invention. As shown in Fig. 4, the system comprises configuration file storage unit 41, dump unit 42, audit unit 43 and log file storage unit 44, where:
Configuration file storage unit 41 is used to read the configuration file from outside and store it. As described above, the configuration file records the names of the log types to be dumped, the fields to be dumped corresponding to each log type, and the display name of each field to be dumped.
Further, on receiving a registration command for a newly added log type, configuration file storage unit 41 reads from outside and stores the name of the new log type, the corresponding fields to be dumped and the display names of those fields. On receiving a delete command for an existing log type, it uses the name of the log type to be deleted as an index, looks up that name in the unit, and deletes the name of the log type to be deleted, the corresponding names of the fields to be dumped and the display names of those fields.
Dump unit 42 is used, when dumping logs, to read the configuration file from configuration file storage unit 41; to search the log database connected to the system, according to the log types and fields to be dumped recorded in the configuration file, for log tables matching the log types to be dumped; to save the fields to be dumped in the log tables found to log files; and to store the log files in log file storage unit 44.
Audit unit 43 is used, when auditing logs, to search log file storage unit 44 for log files matching the audit condition and, according to the display names recorded in the configuration file, to parse and display the log files found.
Log file storage unit 44 is used to store log files.
Fig. 5 is a structural diagram of dump unit 42 in Fig. 4. As shown in Fig. 5, dump unit 42 specifically comprises log table lookup module 421, log dump module 422 and association module 423, where:
Log table lookup module 421 is used, when dumping logs, to read the configuration file from configuration file storage unit 41 and, according to the log types and fields to be dumped recorded in the configuration file, to search the log database for log tables matching the log types to be dumped. When looking up log tables for a given log type, it can search, according to a set time range, for the hourly log tables within that range whose names match the current log type, or search the previous day's hourly log tables for those whose names match the current log type. The log dump operation can be triggered automatically on a timer or triggered manually.
Log dump module 422 is used to dump the log tables found by log table lookup module 421. During dump, according to the preset capacity limit on log files, it dumps the logs in a log table into one or more log files, stores the log files obtained in log file storage unit 44, and notifies association module 423. The way log dump module 422 limits log file capacity is the same as in the method embodiment above and is not repeated here.
Association module 423 is used, when notified, to establish a first association between the name of each log file obtained by the dump and the log type and log time of the logs it stores, and to store this first association in log file storage unit 44. The manner of association used by association module 423 is the same as described in the method embodiment above and is not repeated here.
Fig. 6 is a structural diagram of audit unit 43 in Fig. 4. As shown in Fig. 6, audit unit 43 specifically comprises log lookup module 431 and audit display module 432, where:
Log lookup module 431 is used, according to the first association, to search log file storage unit 44 for the log files that match the log type to be audited and the time range to be audited in the audit condition. Preferably, the matching log files can be sorted by log time. Logs are then obtained from each log file found. While logs are being obtained, if the number obtained reaches the maximum number of query entries in the audit condition, the obtaining operation stops and the current position is recorded. If a continue-audit command is subsequently received, logs are obtained starting from the recorded current position.
Audit display module 432 is used, according to the display names corresponding to the log type to be audited, to dynamically generate an audit framework containing the display names and to display the logs obtained by log lookup module 431 in the generated audit framework.
Preferably, dump unit 42 further comprises compression module 424. See the dashed module in Fig. 5: compression module 424 is connected to log dump module 422, association module 423 and configuration file storage unit 44. Compression module 424 is used to take a preset time length, for example one hour, as a unit and pack the log files of each unit of time into a compressed package; for each compressed package, to obtain from association module 423 the first association of each log file in the package, to obtain from configuration file storage unit 44 the display names corresponding to the log type of the logs stored in the package, to output the first associations and the display names obtained to an index file, and to add the index file to the compressed package; and to establish a second association between the name of the compressed package and the log type and log time of the logs it stores.
In this case, log lookup module 431 is further used, according to the second association, to search log file storage unit 44 for the compressed packages that match the log type to be audited and the time range to be audited in the audit condition and, according to the first association recorded in the index file of each compressed package, to search within the compressed package for the log files that match the time range to be audited in the audit condition.
In summary, the above are only preferred embodiments of the invention and are not intended to limit its scope of protection. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the invention shall fall within its scope of protection.

Claims (20)

1. A log dump and audit method, characterized in that the method comprises:
establishing a configuration file, and recording in the configuration file the names of the log types to be dumped, the fields to be dumped corresponding to each log type, and the display name of each field to be dumped;
when dumping logs, according to the log types and fields to be dumped recorded in the configuration file, searching for log tables matching the log types to be dumped, and saving the fields to be dumped in the log tables found to log files;
when auditing logs, searching for log files matching the audit condition, and parsing and displaying the log files found according to the display names recorded in the configuration file.
2. The method of claim 1, characterized in that the method further comprises: when adding a log type, adding the name of the new log type, the corresponding fields to be dumped and the display names of the fields to be dumped to the configuration file;
when deleting a log type, deleting the name of the log type to be deleted, the corresponding fields to be dumped and the display names of the fields to be dumped from the configuration file.
3. The method of claim 1, characterized in that the method further comprises: registering the configuration file, and performing dump and audit operations using the content of the registered configuration file.
4. The method of claim 1, characterized in that the log tables are hourly log tables, each hourly log table storing the logs of a preset time length;
searching for log tables matching the log types to be dumped, according to the log types and fields to be dumped recorded in the configuration file, comprises: processing each log type to be dumped in the configuration file one by one; when processing the current log type to be dumped, searching for each hourly log table matching the current log type to be dumped.
5. The method of claim 4, characterized in that searching for each hourly log table matching the current log type to be dumped is: setting the time range of the logs to be dumped, and searching the hourly log tables within that time range for those matching the current log type to be dumped; or searching the hourly log tables of the previous day for those matching the current log type to be dumped.
6. The method of claim 1, characterized in that a capacity limit for log files is preset;
the step of saving the fields to be dumped in the log tables found to log files comprises:
according to the capacity limit for log files, dumping the logs in a log table into one or more log files, and establishing a first association between the name of each log file and the log type and log time of the logs it stores.
7. The method of claim 6, characterized in that presetting the capacity limit for log files comprises: setting a dump time span and/or a maximum number of log entries for a log file;
when the logs in a log table are dumped to log files according to the dump time span, each log file may store at most the logs within the preset dump time span;
when the logs in a log table are dumped to log files according to the maximum number of log entries, the number of log entries each log file may store is less than or equal to the maximum number of log entries;
when the logs in a log table are dumped to log files according to both the dump time span and the maximum number of log entries, each log file may store at most the logs within the preset dump time span, and when the number of logs within the preset dump time span exceeds the maximum log capacity, the logs within that dump time span are dumped into multiple log files according to the maximum log capacity.
8. The method of claim 6, characterized in that establishing the first association between the name of a log file and the log type and log time of the logs it stores is:
setting the name of the log file to include the log type and time range of the logs it stores, and at the same time recording the mapping between the name of the log file and the start time of the first log in that log file.
9. The method of claim 6, 7 or 8, characterized in that, when auditing logs, searching for log files matching the audit condition and parsing and displaying the log files found according to the display names recorded in the configuration file comprises:
c1. according to the first association, searching for the log files that match the log type to be audited and the time range to be audited in the audit condition;
c2. obtaining logs from each log file found;
c3. obtaining the display names corresponding to the log type to be audited, dynamically generating an audit framework containing the display names obtained, and displaying the logs obtained in step c2 in the generated audit framework.
10. The method of claim 9, characterized in that the audit condition further comprises a maximum number of query entries;
step c2 comprises: obtaining logs from each log file found according to the maximum number of query entries in the audit condition; when the number of logs obtained reaches the maximum number of query entries, stopping the log obtaining operation and recording the position of the last log obtained;
after step c3, the method further comprises: when a continue-audit command is received, returning to step c2, and when performing step c2, starting from the position of the last log obtained.
11. The method of claim 9, characterized in that the step of saving the fields to be dumped in the log tables found to log files further comprises:
after the logs in the log tables have been saved to log files, taking a preset time length as a unit and packing the log files of each unit of time into a compressed package;
for each compressed package, obtaining the display names corresponding to the log type of the logs stored in the compressed package, outputting the display names obtained and the first association of each log file in the compressed package to an index file, and adding the index file to the compressed package; establishing a second association between the name of the compressed package and the log type and log time of the logs it stores;
step c1 comprises:
according to the second association, searching for the compressed packages that match the log type to be audited and the time range to be audited in the audit condition;
according to the first association recorded in the index file of each compressed package, searching within the compressed package for the log files that match the time range to be audited in the audit condition.
12. The method of claim 9, characterized in that, after step c1 and before step c2, the method further comprises: sorting the log files found by time.
13. The method of claim 1, characterized in that the log dump operation is triggered on a timer.
14. A log dump and audit system, characterized in that the system comprises a configuration file storage unit, a dump unit, an audit unit and a log file storage unit;
the configuration file storage unit is used to read a configuration file from outside and store it; the configuration file records the names of the log types to be dumped, the fields to be dumped corresponding to each log type, and the display name of each field to be dumped;
the dump unit is used, when dumping logs, to read the configuration file from the configuration file storage unit, to search for log tables matching the log types to be dumped according to the log types and fields to be dumped recorded in the configuration file, to save the fields to be dumped in the log tables found to log files, and to store the log files in the log file storage unit;
the audit unit is used, when auditing logs, to search the log file storage unit for log files matching the audit condition, and to parse and display the log files found according to the display names recorded in the configuration file;
the log file storage unit is used to store log files.
15. The system of claim 14, characterized in that the configuration file storage unit is further used, on receiving a registration command for a newly added log type, to read from outside and store the name of the new log type, the corresponding fields to be dumped and the display names of the fields to be dumped;
and, on receiving a delete command for an existing log type, to delete from this unit the name of the log type to be deleted, the corresponding fields to be dumped and the display names of the fields to be dumped.
16. The system of claim 14, characterized in that the dump unit comprises a log table lookup module, a log dump module and an association module;
the log table lookup module is used, when dumping logs, to read the configuration file from the configuration file storage unit and, according to the log types and fields to be dumped recorded in the configuration file, to search for log tables matching the log types to be dumped;
the log dump module is used to dump the log tables found by the log table lookup module; during dump, according to the capacity limit for log files, it dumps the logs in a log table into one or more log files and stores the log files obtained in the log file storage unit;
the association module is used, after the log dump module has dumped logs to log files, to establish a first association between the name of each log file obtained by the dump and the log type and log time of the logs it stores, and to store the first association in the log file storage unit.
17, system as claimed in claim 16 is characterized in that, the capacity limit of described journal file adopts dump time span and/or max log bar number that journal file is set to realize;
Described journal dump module is further used for, and when carrying out dump according to described dump time span, each journal file allows to store the daily record in the default dump time span at most; When carrying out dump according to described max log bar number, each journal file allows stored log bar number to be less than or equal to described max log bar number; When carrying out dump according to described dump time span and max log bar number, each journal file allows to store the daily record in the default dump time span at most, when the daily record quantity in the default dump time span during greater than described max log capacity, according to described max log capacity, with the journal dump in this dump time span in a plurality of journal files.
18. The system as claimed in claim 16, characterized in that the association module names the log file obtained by the dump, the name of the log file comprising the log type and the time range of the logs stored in that log file, and at the same time records the mapping relation between the name of the log file and the start time of the first log in that log file.
19. The system as claimed in claim 16, 17 or 18, characterized in that the audit unit comprises a log search module and an audit display module;
The log search module is configured to search the log file storage unit, according to the first association relation, for the log files that match the log type to be audited and the time range to be audited in the audit condition, and to obtain logs from each log file found;
The audit display module is configured to obtain the display names corresponding to the log type to be audited, dynamically generate an audit framework containing the obtained display names, and display the logs obtained by the log search module in the generated audit framework.
20. The system as claimed in claim 19, characterized in that the dump unit further comprises a compression module, the compression module being connected to the log dump module, the association module and the configuration file storage unit;
The compression module is configured to receive the log files obtained by the dump of the log dump module and, taking a preset time length as the unit, package the log files within each unit of time into a compressed package; for each compressed package, to obtain from the association module the first association relation corresponding to each log file in that compressed package, obtain from the configuration file storage unit the display names corresponding to the log type of the logs stored in that compressed package, output the obtained first association relation and display names to an index file, and add the index file to the compressed package; and to establish a second association relation between the name of the compressed package and the log type and log time of the logs stored in that compressed package;
The log search module is further configured to search the log file storage unit, according to the second association relation, for the compressed packages that match the log type to be audited and the time range to be audited in the audit condition; and, according to the first association relation recorded in the index file of a compressed package, to search that compressed package for the log files that match the time range to be audited in the audit condition.
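The dump limits of claim 17, the file naming of claim 18 and the index-driven lookup and display of claim 19 can be sketched as follows. This is an added example, not code from the patent; the `login` log type, its field names, the sample rows and the sequence suffix in file names are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed configuration: log type -> field to dump -> display name.
CONFIG = {"login": {"time": "Time", "user": "User name", "ip": "Source IP"}}

def dump(log_type, rows, span, max_entries):
    """Dump rows of one log type into files limited by time span and entry
    count. Returns (files, index); index is the first association relation."""
    fields = CONFIG[log_type]
    files, index, current = {}, [], []

    def flush():
        if not current:
            return
        start, end = current[0]["time"], current[-1]["time"]
        # The name carries log type and time range; the sequence suffix is an
        # added assumption that keeps names unique when timestamps repeat.
        stamp = "%Y%m%d%H%M%S"
        name = f"{log_type}_{start:{stamp}}_{end:{stamp}}_{len(index)}.log"
        files[name] = list(current)
        index.append({"file": name, "type": log_type, "start": start, "end": end})
        current.clear()

    for row in sorted(rows, key=lambda r: r["time"]):
        if current and (row["time"] - current[0]["time"] >= span
                        or len(current) >= max_entries):
            flush()  # either limit reached: close this file, start the next
        current.append({f: row[f] for f in fields})  # configured fields only
    flush()
    return files, index

def audit(files, index, log_type, t_from, t_to):
    """Open only the files the index says can match, then label the fields."""
    names = CONFIG[log_type]
    hits = [e["file"] for e in index if e["type"] == log_type
            and e["start"] <= t_to and e["end"] >= t_from]
    rows = [r for f in hits for r in files[f] if t_from <= r["time"] <= t_to]
    return hits, [{names[k]: v for k, v in r.items()} for r in rows]

def demo():
    t0 = datetime(2008, 12, 30, 9, 0, 0)
    # Constructed sample rows; "session" is not in CONFIG, so it is not dumped.
    # Minutes 0-30 exercise the entry-count limit, minute 100 the time span.
    rows = [{"time": t0 + timedelta(minutes=m), "user": f"u{i}",
             "ip": f"192.0.2.{i}", "session": i}
            for i, m in enumerate([0, 10, 20, 30, 100])]
    files, index = dump("login", rows, timedelta(hours=1), max_entries=3)
    hits, shown = audit(files, index, "login",
                        t0 + timedelta(minutes=15), t0 + timedelta(minutes=35))
    return files, index, hits, shown
```

Because the audit step consults only the index before touching any file, a query over a narrow time range reads two of the three files here and never opens the third.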
CN2008102475508A 2008-12-30 2008-12-30 Method and system for log dump and audit Active CN101453378B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2008102475508A CN101453378B (en) 2008-12-30 2008-12-30 Method and system for log dump and audit

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2008102475508A CN101453378B (en) 2008-12-30 2008-12-30 Method and system for log dump and audit

Publications (2)

Publication Number Publication Date
CN101453378A true CN101453378A (en) 2009-06-10
CN101453378B CN101453378B (en) 2011-01-12

Family

ID=40735409

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2008102475508A Active CN101453378B (en) 2008-12-30 2008-12-30 Method and system for log dump and audit

Country Status (1)

Country Link
CN (1) CN101453378B (en)

Also Published As

Publication number Publication date
CN101453378B (en) 2011-01-12

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP03 Change of name, title or address

Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Patentee after: Xinhua three Technology Co., Ltd.

Address before: 310053 Hangzhou hi tech Industrial Development Zone, Zhejiang province science and Technology Industrial Park, No. 310 and No. six road, HUAWEI, Hangzhou production base

Patentee before: Huasan Communication Technology Co., Ltd.

CP03 Change of name, title or address