CN102857369A - Website log saving system, method and apparatus - Google Patents

Publication number: CN102857369A
Authority: CN (China)
Prior art keywords: necessary information, log file, request message, response message, request
Legal status: Granted; Expired - Fee Related
Application number: CN2012102797832A
Other languages: Chinese (zh)
Other versions: CN102857369B (en)
Inventor: 李晓亮
Current Assignee: Nanjing Ding Zhen Information Technology Co., Ltd.
Original Assignee: BEIJING DINGZHEN TECHNOLOGY Co Ltd
Application filed by BEIJING DINGZHEN TECHNOLOGY Co Ltd
Priority to CN201210279783.2A
Publication of CN102857369A
Publication of CN102857369B (application granted)

Abstract

The invention provides a website log saving system, method and apparatus based on bypass mirroring, which solve problems existing in the prior art. Access data is acquired by bypass mirroring: the traffic of the accessed website is mirrored to obtain the original packet information of each user access, and after a behavior analysis module classifies the access by behavior, it can be recorded as website logs in different formats. The technical scheme places no load on the web server, and the log format is entirely independent of the choice of web server. In the traditional networking model, the relevant web servers are connected to a network switch, and the web server entity performs website log saving and related functions.

Description

A website log saving system, method and apparatus
Technical field
The present invention relates to the field of communication technology, and in particular to a website log saving system, method and apparatus.
Background
A website log is a file ending in .log that records various raw information, such as the requests a web server receives and processes and its runtime errors. From the website log one can learn who accessed which content of the website, when, and with what tool; it is the most basic source for website analysis and website data storage. Saving website logs completely and without error is therefore a necessary basis for ensuring the normal operation of the web server.
In the prior art, the website log is recorded by the web server itself: when an access occurs, the web server records some information about that access as text, in a preset log format, locally or on some network server.
However, different web servers generally support only their own specific log formats, such as the NCSA log format supported by Apache and the W3C log format supported by IIS; most log analysis tools support at least one of the NCSA and W3C formats. Some other web servers, such as nginx, have their own default log format and generally need to be configured manually to the NCSA format so that log analysis software can be used. The prior art generally has the following problems:
1. The access log is recorded by the web server. The web server must not only respond to visitors' requests but also record the access log, which increases its burden. The information about each access is obtained synchronously by the web server while it processes the request, which affects the web server's performance.
2. The log format depends on the web server in use, which greatly limits the choice of website log analysis tools. The traditional website log format is constrained by the web server used: choosing a server means choosing a log format, or, put differently, using a particular log format forces the choice of a particular server.
3. Log configuration is very complicated. Some web servers can only be configured for logging through configuration files, which requires fairly advanced computer knowledge to complete successfully. In addition, web servers generally provide no function for filtering logs that have already been generated, so generated logs cannot be filtered.
4. Log recording is not intelligent. Existing website logs simply record the intrinsic information carried by web messages and have no behavior analysis capability. In the log, an attack and a normal access look no different, and professional technical personnel are generally needed to analyze and infer the access behavior. If the website is attacked, finding attack clues in a large volume of access logs is like looking for a needle in a haystack.
Summary of the invention
In view of the above shortcomings of conventional website logging, the object of the present invention is to provide a website log saving system, method and apparatus based on bypass mirroring, thereby solving the foregoing problems of the prior art. The invention obtains access data by bypass mirroring: the data of accesses to the website is bypass-mirrored to obtain the original packet information of users' accesses, and after the behavior analysis module classifies the accesses by behavior, they can be recorded as website logs in multiple formats. The technical scheme places no burden on the web server, and the log format is entirely independent of the choice of web server. In the traditional networking model, the relevant web servers are connected to a network switch and the web server entity performs website log saving and related functions. In the networking scheme of the invention, a device entity is deployed in bypass on the switch; this device entity saves and queries website logs, and the web server entity only needs to perform the website's response function.
The technical scheme disclosed by the invention is as follows:
A website log saving system comprises a firewall, a network switch and a web server. The network switch is a network switch with a mirror port, and a log saving server is connected to the mirror port. The mirror port is used to obtain, by traffic mirroring, the communication data of the communication port connected to the log saving server.
Preferably, the log saving server comprises a traffic collection module, an HTTP protocol analysis module, a Request message analysis module, a Response message analysis module, a behavior analysis module, a log condition checking module and a website log saving module, which are connected in sequence in that order.
Preferably, the website log saving system further comprises a website log filter module, which filters the website logs according to conditions specified by the requesting end and returns the filtered result to the requesting end.
A method of saving logs using the website log saving system comprises the following steps:
S1: obtain, through the mirror port, all packets received and sent by the web server;
S2: analyze the packets and obtain the HTTP protocol packets from them;
S3: analyze the Request message data in the HTTP protocol packets to obtain the Request message necessary information;
S4: analyze the Response message data in the HTTP protocol packets to obtain the Response message necessary information;
S5: analyze the Request message necessary information and/or Response message necessary information to obtain the access behavior type information;
S6: compare the Request message necessary information and/or Response message necessary information and/or access behavior type with a preset condition. If the preset condition is met, cache the Request message and wait for the Response message corresponding to it; once that Response message is obtained, combine the corresponding Request message and Response message into a complete access process, and save the complete access process to a database and/or log file in a preset format to form the website log.
Preferably, the method further comprises the following step:
S7: according to filter conditions set by the requesting end, filter the qualifying log records out of the database and/or log file, save those log records as a new file, and return it to the requesting end.
Preferably, the preset condition, the preset format and the filter conditions are all set through a web page.
Preferably, the Request message necessary information comprises the visitor's IP address, the specific domain name accessed, the specific URL accessed, Referer information, UserAgent and the Cookies carried; the Response message necessary information comprises the response status code, the content type carried and the message length.
Preferably,
S1 is specifically: obtain, through the mirror port, all messages sent to the web server and sent from the web server, and separate the messages into upstream and downstream traffic; and/or
S2 is specifically: identify the HTTP protocol messages by analyzing the content of the TCP payload in the upstream and downstream traffic; and/or
S3 is specifically: decode the Request messages among the HTTP protocol messages, separate out the Request necessary information, and buffer it; and/or
S4 is specifically: decode the Response messages among the HTTP protocol messages, separate out the Response necessary information, and buffer it; and/or
S5 is specifically: analyze the visitor's access behavior from the information carried by the Request message and the Response message, and determine the behavior type of the access; and/or
S6 is specifically: compare the Request necessary information and/or the Response necessary information and/or the access behavior type with a preset log condition. If the preset log condition is met, cache the Request message containing the Request necessary information and wait for the Response message corresponding to it. Once that Response message is obtained, merge the Request necessary information in the Request message with the Response necessary information in the corresponding Response message to form one complete access process, then combine it into a final website log according to the preset log format and log entries, write it to the database and/or log file, and build a search index for this website log.
An apparatus for saving logs using the website log saving system comprises:
a traffic collection module, for obtaining through the mirror port all packets received and sent by the web server;
an HTTP protocol analysis module, for analyzing the packets and obtaining the HTTP protocol packets from them;
a Request message analysis module, for analyzing the Request message data in the HTTP protocol packets to obtain the Request message necessary information;
a Response message analysis module, for analyzing the Response message data in the HTTP protocol packets to obtain the Response message necessary information;
a behavior analysis module, for analyzing the Request message necessary information and/or Response message necessary information to obtain the access behavior type information;
a log condition checking module, for comparing the Request message necessary information and/or Response message necessary information and/or access behavior type with the preset condition and, if the preset condition is met, passing the access on to the next processing step;
a website log saving module, for saving the complete access process to a database and/or log file in the preset format to form the website log.
Preferably, the apparatus further comprises a website log filter module, which filters the website logs according to specified conditions.
The beneficial effects of the invention are as follows:
1. Recording and saving website logs has no effect on the website: no website configuration needs to be modified and no web pages need to be rewritten, so the system is plug and play.
2. The scheme collects data through the traffic collection module on the bypass device and does not harm the performance of the web server, so the web server can save resources and improve its concurrent request capacity and computing speed.
3. The scheme uses the behavior analysis module to classify access behavior intelligently, so attacks, crawlers, normal accesses and so on are clear at a glance.
4. Log recording in this scheme is independent of which web server is used; a W3C-format log can be obtained even when an Apache server is used.
5. The log filter module of the invention can output directly to the user the log content that meets the user's needs.
Description of drawings
Fig. 1 is a structural diagram of the website log saving system disclosed by the invention;
Fig. 2 is a flow chart of the steps of the method of saving logs using the website log saving system disclosed by the invention;
Fig. 3 is a schematic block diagram of the apparatus for saving logs using the website log saving system disclosed by the invention.
Embodiments
To make the technical problem solved by the invention, its technical scheme and its beneficial effects clearer, the invention is described in further detail below with reference to the drawings. It should be understood that the embodiments described here serve only to explain the invention and are not intended to limit it.
As shown in Fig. 1, the invention discloses a website log saving system comprising a firewall, a network switch and a web server. The network switch is a network switch with a mirror port, and a log saving server is connected to the mirror port. The mirror port is used to obtain, by traffic mirroring, the communication data of the communication port connected to the log saving server. The log saving server comprises a traffic collection module, an HTTP protocol analysis module, a Request message analysis module, a Response message analysis module, a behavior analysis module, a log condition checking module and a website log saving module, which are connected in sequence in that order. The website log saving system further comprises a website log filter module, which filters the website logs according to conditions specified by the requesting end and returns the filtered result to the requesting end.
As shown in Fig. 2, the invention discloses a method of saving logs using the website log saving system, comprising the following steps:
S1: obtain, through the mirror port, all packets received and sent by the web server. Specifically, obtain through the mirror port all messages sent to the web server and sent from the web server, and separate the messages into upstream and downstream traffic.
S2: analyze the packets and obtain the HTTP protocol packets from them. Specifically, accurately identify the messages belonging to the HTTP protocol by analyzing the content of the TCP payload in the upstream and downstream traffic. Because an HTTP exchange is initiated by a Request message, the HTTP protocol analysis system first separates out the Request message and then finds the reply to it; it delivers the Request message and the Response message to the Request analysis system and the Response analysis system respectively, and establishes the correspondence between the Request message and the Response message.
S3: analyze the Request message data in the HTTP protocol packets to obtain the Request message necessary information. Specifically, decode the Request messages among the HTTP protocol messages, separate out the Request necessary information, and buffer it. The Request message necessary information includes the visitor's IP address, the specific domain name accessed, the specific URL accessed, Referer information, UserAgent, the Cookies carried, and similar information.
S4: analyze the Response message data in the HTTP protocol packets to obtain the Response message necessary information. Specifically, decode the Response messages among the HTTP protocol messages, separate out the Response necessary information, and buffer it. The Response message necessary information includes the response status code, the content type carried, the message length, and similar information.
S5: analyze the Request message necessary information and/or Response message necessary information to obtain the access behavior type information. Specifically, analyze the visitor's access behavior from the information carried by the Request message and the Response message, and determine the behavior type of the access. The access behavior types include normal access, crawler, attack and other behavior types.
S6: compare the Request message necessary information and/or Response message necessary information and/or access behavior type with a preset condition. If the preset condition is met, cache the Request message and wait for the Response message corresponding to it; once that Response message is obtained, combine the corresponding Request message and Response message into a complete access process, and save the complete access process to a database and/or file in a preset format to form the website log. Specifically, compare the Request necessary information and/or the Response necessary information and/or the access behavior type with a preset log condition. If the preset log condition is met, cache the Request message containing the Request necessary information and wait for the Response message corresponding to it. Once that Response message is obtained, merge the Request necessary information in the Request message with the Response necessary information in the corresponding Response message to form one complete access process, then combine it into a final website log according to the preset log format and log entries, write it to the database and/or log file, and build a search index for this website log.
To make the saved website logs more usable, after the website logs have been saved by the above steps, the logs can also be filtered by the following step.
S7: according to filter conditions set by the requesting end, filter the qualifying log records out of the database and/or file, save those log records as a new file, and return it to the requesting end.
The log format defines the entries to be recorded and the order of appearance and format of those entries in the log. The common website log formats at present are the NCSA log format and the W3C log format, adopted by Apache and IIS respectively; both have finer sub-categories, which are not described here.
In addition, because this scheme uses a dedicated log saving server as the log saving device, the preset condition, the preset format, the filter conditions and so on can be set through web management pages on this server. The preset format may be NCSA common, NCSA combined, a W3C template, an Apache custom format, a W3C custom format, and so on. The filter conditions may be response status (such as 200, 304), request method (such as Get), source IP, destination IP, excluded IP, URL rule, content type (such as pictures), behavior category (such as normal access, crawler, attack) and so on; these conditions may also be combined. Because filter conditions are easy to set, the required log content can be obtained quickly, so there is no need to search the logs as if looking for a needle in a haystack, which improves working efficiency.
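Steps S2 to S7 and the choice of output format described above, sketched in Python as an added example (not code from the patent): it pairs Request and Response heads taken from mirrored TCP payloads and renders one record both as NCSA combined and as W3C extended. The sample segments, addresses, field selection and the classify() heuristics are constructed assumptions; the patent does not state its classification rules.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timezone
from urllib.parse import unquote

REQ = re.compile(r"^(GET|HEAD|POST|PUT|DELETE|OPTIONS) (\S+) (HTTP/1\.[01])$")
RESP = re.compile(r"^HTTP/1\.[01] (\d{3})\b")

def parse_head(payload):
    """S2: return (start_line, headers) if the TCP payload begins an HTTP message, else None."""
    head = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    if not (REQ.match(lines[0]) or RESP.match(lines[0])):
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def classify(url, agent):
    """S5, with illustrative heuristics only (assumption: the patent gives no rules)."""
    decoded = unquote(url).lower()
    if any(marker in decoded for marker in ("../", "<script", "union select")):
        return "attack"
    if re.search(r"bot|spider|crawl", agent, re.I):
        return "crawler"
    return "normal"

def build_records(segments, condition=lambda req: True):
    """S3-S6: pair each Response with the oldest pending Request on the same connection."""
    pending = defaultdict(deque)      # (client_ip, client_port) -> cached Requests
    records = []
    for ts, ip, port, direction, payload in segments:
        parsed = parse_head(payload)
        if parsed is None:
            continue                  # not HTTP, or a body-only segment
        start, h = parsed
        m, s = REQ.match(start), RESP.match(start)
        if direction == "up" and m:
            req = {"ts": ts, "ip": ip, "method": m[1], "url": m[2], "proto": m[3],
                   "host": h.get("host", "-"), "referer": h.get("referer", "-"),
                   "agent": h.get("user-agent", "-"), "cookie": h.get("cookie", "-")}
            req["behavior"] = classify(req["url"], req["agent"])
            # Queue even when the preset condition fails, so pipelined Responses stay aligned.
            pending[(ip, port)].append((req, condition(req)))
        elif direction == "down" and s and int(s[1]) >= 200 and pending[(ip, port)]:
            # Interim 1xx Responses are skipped above: they do not complete the exchange.
            rec, keep = pending[(ip, port)].popleft()
            if keep:
                rec.update(status=int(s[1]), ctype=h.get("content-type", "-"),
                           length=h.get("content-length", "-"))
                records.append(rec)
    return records

def esc(value):
    """Header values come from the client: escape backslashes and quotes before quoting."""
    return value.replace("\\", "\\\\").replace('"', '\\"')

def ncsa_combined(r):
    t = r["ts"].strftime("%d/%b/%Y:%H:%M:%S %z")
    return (f'{r["ip"]} - - [{t}] "{r["method"]} {esc(r["url"])} {r["proto"]}" '
            f'{r["status"]} {r["length"]} "{esc(r["referer"])}" "{esc(r["agent"])}"')

W3C_FIELDS = "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status sc-bytes cs(User-Agent)"

def w3c_extended(r):
    """One line for W3C_FIELDS; sc-bytes is approximated by Content-Length here."""
    stem, _, query = r["url"].partition("?")
    return " ".join([r["ts"].strftime("%Y-%m-%d %H:%M:%S"), r["ip"], r["method"],
                     stem, query or "-", str(r["status"]), str(r["length"]),
                     r["agent"].replace(" ", "+")])

def select(records, **want):
    """S7: keep records whose fields equal every given criterion (criteria combine with AND)."""
    return [r for r in records if all(r.get(k) == v for k, v in want.items())]

T = datetime(2012, 8, 7, 10, 0, 0, tzinfo=timezone.utc)
# Constructed mirrored segments: (time, client_ip, client_port, direction, tcp_payload)
SAMPLE = [
    (T, "203.0.113.7", 40001, "up", b"GET /index.html HTTP/1.1\r\nHost: www.example.test\r\nUser-Agent: Mozilla/5.0 (X11)\r\n\r\n"),
    (T, "198.51.100.9", 40002, "up", b"GET /view?f=..%2F..%2Fsecret.txt HTTP/1.1\r\nHost: www.example.test\r\nUser-Agent: x\"y\r\n\r\n"),
    (T, "203.0.113.7", 40001, "down", b"\x16\x03\x01binary"),  # not HTTP: ignored
    (T, "203.0.113.7", 40001, "down", b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 1024\r\n\r\n<html>"),
    (T, "198.51.100.9", 40002, "down", b"HTTP/1.1 404 Not Found\r\nContent-Length: 0\r\n\r\n"),
    (T, "192.0.2.33", 40003, "up", b"GET /robots.txt HTTP/1.1\r\nHost: www.example.test\r\nUser-Agent: ExampleBot/1.0\r\n\r\n"),
]

if __name__ == "__main__":
    for rec in build_records(SAMPLE):
        print(ncsa_combined(rec))
        print(w3c_extended(rec))
```

The last sample Request never receives a Response, so it stays cached and produces no log record, which matches S6 only saving complete access processes.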
As shown in Fig. 3, the invention discloses an apparatus for saving logs using the website log saving system, comprising:
a traffic collection module, for obtaining through the mirror port all packets received and sent by the web server;
an HTTP protocol analysis module, for analyzing the packets and obtaining the HTTP protocol packets from them;
a Request message analysis module, for analyzing the Request message data in the HTTP protocol packets to obtain the Request message necessary information;
a Response message analysis module, for analyzing the Response message data in the HTTP protocol packets to obtain the Response message necessary information;
a behavior analysis module, for analyzing the Request message necessary information and/or Response message necessary information to obtain the access behavior type information;
a log condition checking module, for comparing the Request message necessary information and/or Response message necessary information and/or access behavior type with the preset condition and, if the preset condition is met, passing the access on to the next processing step;
a website log saving module, for saving the complete access process to a database and/or log file in the preset format to form the website log.
The apparatus also comprises a website log filter module, which filters the website logs according to specified conditions.
Adopting the technical scheme disclosed by the invention yields the following beneficial effects:
1. Recording and saving website logs has no effect on the website: no website configuration needs to be modified and no web pages need to be rewritten, so the system is plug and play.
2. The scheme collects data through the traffic collection module on the bypass device and does not harm the performance of the web server, so the web server can save resources and improve its concurrent request capacity and computing speed.
3. The scheme uses the behavior analysis module to classify access behavior intelligently, so attacks, crawlers, normal accesses and so on are clear at a glance.
4. Log recording in this scheme is independent of which web server is used; a W3C-format log can be obtained even when an Apache server is used.
5. The log filter module of the invention can output directly to the user the log content that meets the user's needs.
The above are only preferred embodiments of the invention. It should be noted that those of ordinary skill in the art may make improvements and modifications without departing from the principle of the invention, and such improvements and modifications shall also be regarded as within the protection scope of the invention.

Claims (10)

1. A website log saving system comprising a firewall, a network switch and a web server, characterized in that the network switch is a network switch with a mirror port, and a log saving server is connected to the mirror port; the mirror port is used to obtain, by traffic mirroring, the communication data of the communication port connected to the log saving server.
2. The website log saving system according to claim 1, characterized in that the log saving server comprises a traffic collection module, an HTTP protocol analysis module, a Request message analysis module, a Response message analysis module, a behavior analysis module, a log condition checking module and a website log saving module, which are connected in sequence in that order.
3. The website log saving system according to claim 1, characterized in that the website log saving system further comprises a website log filter module, which filters the website logs according to conditions specified by the requesting end and returns the filtered result to the requesting end.
4. A method of saving logs using the website log saving system according to claim 1, 2 or 3, characterized in that it comprises the following steps:
S1: obtain, through the mirror port, all packets received and sent by the web server;
S2: analyze the packets and obtain the HTTP protocol packets from them;
S3: analyze the Request message data in the HTTP protocol packets to obtain the Request message necessary information;
S4: analyze the Response message data in the HTTP protocol packets to obtain the Response message necessary information;
S5: analyze the Request message necessary information and/or Response message necessary information to obtain the access behavior type information;
S6: compare the Request message necessary information and/or Response message necessary information and/or access behavior type with a preset condition; if the preset condition is met, cache the Request message and wait for the Response message corresponding to it; once that Response message is obtained, combine the corresponding Request message and Response message into a complete access process, and save the complete access process to a database and/or log file in a preset format to form the website log.
5. The method according to claim 4, characterized in that it further comprises the following step:
S7: according to filter conditions set by the requesting end, filter the qualifying log records out of the database and/or log file, save those log records as a new file, and return it to the requesting end.
6. The method according to claim 4 or 5, characterized in that the preset condition, the preset format and the filter conditions are all set through a web page.
7. The method according to claim 4 or 5, characterized in that the Request message necessary information comprises the visitor's IP address, the specific domain name accessed, the specific URL accessed, Referer information, UserAgent and the Cookies carried; the Response message necessary information comprises the response status code, the content type carried and the message length.
8. The method according to claim 4 or 5, characterized in that
S1 is specifically: obtain, through the mirror port, all messages sent to the web server and sent from the web server, and separate the messages into upstream and downstream traffic; and/or
S2 is specifically: identify the HTTP protocol messages by analyzing the content of the TCP payload in the upstream and downstream traffic; and/or
S3 is specifically: decode the Request messages among the HTTP protocol messages, separate out the Request necessary information, and buffer it; and/or
S4 is specifically: decode the Response messages among the HTTP protocol messages, separate out the Response necessary information, and buffer it; and/or
S5 is specifically: analyze the visitor's access behavior from the information carried by the Request message and the Response message, and determine the behavior type of the access; and/or
S6 is specifically: compare the Request necessary information and/or the Response necessary information and/or the access behavior type with a preset log condition; if the preset log condition is met, cache the Request message containing the Request necessary information and wait for the Response message corresponding to it; once that Response message is obtained, merge the Request necessary information in the Request message with the Response necessary information in the corresponding Response message to form one complete access process, then combine it into a final website log according to the preset log format and log entries, write it to the database and/or log file, and build a search index for this website log.
9. An apparatus for saving logs using the web log saving system according to claim 1, 2 or 3, characterized by comprising:
a traffic collection module, configured to obtain, through the mirror port, all data packets received and sent by the web server;
an HTTP protocol analysis module, configured to analyze the data packets and obtain the HTTP protocol data packets from them;
a Request message analysis module, configured to analyze the Request message data of the HTTP protocol data packets and obtain the Request message necessary information;
a Response message analysis module, configured to analyze the Response message data of the HTTP protocol data packets and obtain the Response message necessary information;
a behavior analysis module, configured to analyze the Request message necessary information and/or the Response message necessary information and obtain the access behavior type information;
a log condition checking module, configured to compare the Request message necessary information and/or the Response message necessary information and/or the access behavior type with a preset condition, and to pass them to the next processing step if the preset condition is met;
a web log saving module, configured to save the complete access process to a database and/or log file according to a preset format, forming the web log.
10. The apparatus according to claim 9, characterized in that the apparatus further comprises a web log screening module, the web log screening module being configured to screen web logs according to specified conditions.
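The following Python example is added here for illustration and is not part of the patent text. It walks steps S3 to S6 of claim 8 over constructed messages; the per-connection first-in-first-out pairing of Request and Response, the `classify` behavior types, and the log line format are assumptions, since the claims do not specify them.

```python
from collections import defaultdict, deque

# Constructed sample: (connection id, direction, raw HTTP message) as a sensor
# might see it after S1/S2 have split mirrored traffic into uplink/downlink.
SAMPLE = [
    ("c1", "up", b"GET /index.html HTTP/1.1\r\nHost: shop.example\r\nUser-Agent: demo\r\n\r\n"),
    ("c1", "up", b"POST /login HTTP/1.1\r\nHost: shop.example\r\nContent-Length: 9\r\n\r\nuser=test"),
    ("c2", "up", b"GET /logo.png HTTP/1.1\r\nHost: shop.example\r\n\r\n"),
    ("c1", "down", b"HTTP/1.1 200 OK\r\nContent-Length: 512\r\n\r\n"),
    ("c2", "down", b"HTTP/1.1 304 Not Modified\r\n\r\n"),
    ("c1", "down", b"HTTP/1.1 302 Found\r\nLocation: /home\r\n\r\n"),
]

def head(raw):
    """Split an HTTP message into its start-line fields and a lower-cased header dict."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    hdrs = dict((k.strip().lower(), v.strip())
                for k, v in (l.split(":", 1) for l in lines[1:] if ":" in l))
    return lines[0].split(" ", 2), hdrs

def classify(req):
    """S5 stand-in: hypothetical behavior types (submit / static / browse)."""
    if req["method"] == "POST":
        return "submit"
    return "static" if req["path"].endswith((".png", ".css", ".js")) else "browse"

def build_logs(messages, condition=lambda req, kind: kind != "static"):
    """Pair each Response with its buffered Request and emit one log line per match."""
    pending = defaultdict(deque)          # per-connection buffer of Requests (S6)
    logs = []
    for conn, direction, raw in messages:
        start, hdrs = head(raw)
        if direction == "up":             # S3: Request necessary information
            req = {"method": start[0], "path": start[1], "host": hdrs.get("host", "-")}
            req["kind"] = classify(req)
            # Requests failing the preset condition are queued as None so that
            # FIFO pairing with later Responses stays aligned.
            pending[conn].append(req if condition(req, req["kind"]) else None)
        elif pending[conn]:               # S4: Response necessary information
            req = pending[conn].popleft()
            if req is not None:           # merge into one complete access record
                logs.append(f'{req["host"]} "{req["method"]} {req["path"]}" '
                            f'{start[1]} {hdrs.get("content-length", "-")} {req["kind"]}')
    return logs
```

Request paths and headers come from the visitor, so a log writer built on this should escape quotes and control characters before a line reaches the log file or database.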
CN201210279783.2A 2012-08-07 2012-08-07 Website log saving system, method and apparatus Expired - Fee Related CN102857369B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210279783.2A CN102857369B (en) 2012-08-07 2012-08-07 Website log saving system, method and apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210279783.2A CN102857369B (en) 2012-08-07 2012-08-07 Website log saving system, method and apparatus

Publications (2)

Publication Number Publication Date
CN102857369A true CN102857369A (en) 2013-01-02
CN102857369B CN102857369B (en) 2015-02-11

Family

ID=47403577

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210279783.2A Expired - Fee Related CN102857369B (en) 2012-08-07 2012-08-07 Website log saving system, method and apparatus

Country Status (1)

Country Link
CN (1) CN102857369B (en)

Also Published As

Publication number Publication date
CN102857369B (en) 2015-02-11

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20170914

Address after: 3-1202 purple mansion, Tianyuan Middle Road, Jiangning District, Jiangsu, Nanjing 210000

Patentee after: Nanjing Ding Zhen Information Technology Co., Ltd.

Address before: 102208, room 1, unit 102, building 18, two Longxi District, Changping District, Beijing, Huilongguan

Patentee before: Beijing Dingzhen Technology Co., Ltd.

CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20150211

Termination date: 20200807