Summary of the invention
In view of this, the invention provides a kind for the treatment of system and method for abnormal alarm information, with overcome in prior art due to abnormal alarm information and actual workflow organically can not be combined cause to abnormal alarm information processing efficiency and the low problem of level.
For achieving the above object, the invention provides following technical scheme:
A kind for the treatment of system of abnormal alarm information comprises: information acquisition module, Certificate Authority module, monitoring analysis module and message communicating module;
Information acquisition module is used for gathering the abnormal alarm information that safety analysis equipment produces;
The Certificate Authority module is used for the user of the treatment system of logining described abnormal alarm information is carried out authentication, and according to described the result to described user grants access scope;
The monitoring analysis module is used for Real Time Monitoring and analyzes described user to the treatment state of described abnormal alarm information operating, and described treatment state is for indicating the situation of described abnormal alarm information processing process;
The message communicating module is used for the treatment state of the described abnormal alarm information of circular in real time.
Wherein, described monitoring analysis module specifically comprises:
Receive determination module, be used for determining whether described abnormal alarm information is received;
The distribution determination module is used for determining whether described abnormal alarm information distributes;
Process determination module, be used for determining whether described abnormal alarm information has begun to process;
Examine determination module, be used for determining whether administrative center determines auditing result through examining to reach to the verification result of described abnormal alarm information;
Processing finishes determination module, is used for determining whether described abnormal alarm information is disposed.
Preferably, also comprise:
Statistics management module is used for type, number of times, time, generation area and/or the auditing result of statistics abnormal alarm information, and exports the statistical report form that comprises described type, number of times, time, generation area and/or auditing result.
Preferably, also comprise:
The abnormal monitoring module is used for according to described abnormal alarm information, monitoring analysis being carried out in the access behavior of abnormal alarm main frame, and described abnormal alarm main frame is for producing the equipment with IP address of described abnormal alarm information.
Wherein, described abnormal monitoring module also is used for: go out according to the interpretation of result of described monitoring analysis the reason that described abnormal alarm information produces.
A kind of processing method of abnormal alarm information comprises:
Gather the abnormal alarm information that safety analysis equipment produces;
User to the treatment system of logining described abnormal alarm information carries out authentication, and according to described the result to described user grants access scope;
Real Time Monitoring is analyzed described user to the treatment state of described abnormal alarm information operating, and described treatment state is for indicating the situation of described abnormal alarm information processing process;
Be used for the treatment state of the described abnormal alarm information of circular in real time.
Wherein, the described user of described Real Time Monitoring analysis specifically comprises the treatment state of described abnormal alarm information operating:
Determine whether described abnormal alarm information is received;
Determine whether described abnormal alarm information distributes;
Determine whether described abnormal alarm information has begun to process;
Determine whether administrative center reaches definite auditing result through audit to the verification result of described abnormal alarm information;
Determine whether described abnormal alarm information is disposed.
Preferably, also comprise:
Type, number of times, time, generation area and/or the auditing result of statistics abnormal alarm information, and output comprises the statistical report form of described type, number of times, time, generation area and/or auditing result.
Preferably, also comprise:
According to described abnormal alarm information, monitoring analysis is carried out in the access behavior of abnormal alarm main frame, described abnormal alarm main frame is for producing the equipment with IP address of described abnormal alarm information.
Preferably, also comprise:
Go out according to the interpretation of result of described monitoring analysis the reason that described abnormal alarm information produces.
via above-mentioned technical scheme as can be known, compared with prior art, the invention discloses a kind for the treatment of system and method for abnormal alarm information, the abnormal alarm information of this system on can collection network, and the user of the described abnormal alarm information of needs processing is carried out authentication, when described user carries out relevant treatment to described abnormal alarm information, the treatment state of the described abnormal alarm information of monitoring analysis, and can circulate a notice of in real time the processing auditing result of abnormal alarm information, make described user can understand quickly and easily its treatment progress, described system can also monitoring analysis abnormal alarm main frame the access behavior, analyze the reason of alarm generation.By treatment system and the method for described abnormal alarm information, can organically abnormal alarm information, personnel, flow process etc. be combined, improved the treatment effeciency of abnormal alarm information.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is clearly and completely described, obviously, described embodiment is only the present invention's part embodiment, rather than whole embodiment.Based on the embodiment in the present invention, those of ordinary skills belong to the scope of protection of the invention not making the every other embodiment that obtains under the creative work prerequisite.
Embodiment one
Fig. 1 is the structural representation of the disclosed a kind of abnormal alarm information processing system of the embodiment of the present invention, and as shown in the figure, the treatment system 10 of described abnormal alarm information can comprise:
Information acquisition module 101 is used for gathering the abnormal alarm information that safety analysis equipment produces;
The safety analysis equipment here can be supported for all the safety analysis equipment of the agreements such as SNMP (simple network management), SYSLOG (system journal), described information acquisition module can be in mode initiatively, also can be with passive mode acquisition abnormity warning message from the network;
Certificate Authority module 102 is used for the user of the treatment system of logining described abnormal alarm information is carried out authentication, and according to described the result to described user grants access scope;
the user is carried out authentication can be undertaken by the existing hardware certificate of authentication internal control personnel, when the user logins, the hardware certificate that needs the insertion system acquiescence, determine the level of identity of login user by the identifying code on described certificate or magnetic induction information, authorize described login user corresponding access rights according to described level of identity, level of identity is higher, be that the affiliated administrative center's rank of described login user is higher, its authority to system access and management that has is just more, certainly, Certificate Authority work also can be given cipher authentication, can confirm more accurately the identity of login user like this,
Monitoring analysis module 103 is used for Real Time Monitoring and analyzes described user to the treatment state of described abnormal alarm information operating, and described treatment state is for indicating the situation of described abnormal alarm information processing process;
in the treatment system of described abnormal alarm information, when the number of levels of administrative department not simultaneously, corresponding described treatment state number is also different, be divided into ministerial level in administrative department, in the situation of provincial and prefecture-level three grades, described treatment state comprises to be distributed, wait to receive, pending, in processing, treat province's audit, economizing audit does not pass through, economizing audit passes through, treat section's audit, section's audit is not passed through, section's audit is passed through, ten kinds of states such as processed, relevant distribution, receive, the work such as processing and audit are still done by administrative staff, described monitoring analysis module just is used to refer to the treatment progress of abnormal alarm information, so also be convenient to the disposition that all levels of management personnel understand all abnormal alarm information, help to increase work efficiency, function according to described monitoring analysis module 103, with reference to shown in Figure 2, described monitoring analysis module 103 specifically can comprise again:
Receive determination module 1031, be used for determining whether described abnormal alarm information is received;
After 102 checkings of Certificate Authority module are completed, described login user can enter the relevant page, receive the new abnormal alarm information that produces, described login user can confirm that described abnormal alarm information receives by " reception " button that triggers on the page, system also can record the director of each abnormal alarm information simultaneously according to log-on message, be convenient to the carrying out of some follow-up statistical works;
Distribution determination module 1032 is used for determining whether described abnormal alarm information distributes;
After receiving described abnormal alarm information, administrative department begins to distribute described abnormal alarm information, administrative department at the corresponding levels can keep described abnormal alarm information the administrative department of subordinate that administrative department at the corresponding levels processed or be distributed to area under one's jurisdiction, described abnormal alarm information place and process, and first degree administrative department is not to the right of abnormal alarm distribution of information;
Process determination module 1033, be used for determining whether described abnormal alarm information has begun to process;
Described processing determination module 1033 can according to administrative staff whether to described abnormal alarm information begin to verify job analysis go out described abnormal alarm information whether begun process, can determine described abnormal alarm information whether be in pending or process in state;
Examine determination module 1034, be used for determining whether administrative center determines auditing result through examining to reach to the verification result of described abnormal alarm information;
the abnormal alarm information that is disposed, be that the verification result of described abnormal alarm information need to send to the audit of upper management department, described audit determination module 1034 can judge whether the verification result of described abnormal alarm information has begun audit and can determine auditing result by the trigger action on the page according to administrative staff, whether the verification result that can determine described abnormal alarm information is in pending state and judges whether the verification result of described abnormal alarm information has passed through audit, the verification result of abnormal alarm information by audit continues to report, until the audit by highest administrative department, do not pass through the verification result of the abnormal alarm information of audit, automatically be issued to next stage administrative department,
Processing finishes determination module 1035, is used for determining whether described abnormal alarm information is disposed;
The verification of examining complete described abnormal alarm information as described user is as a result the time, and by triggering " finishing " button on the page, described end determination module 1035 determines that described abnormal alarm information is in treatment state;
Message communicating module 104 is used for treatment state and the auditing result of circular abnormal alarm information in real time;
This message communication module 104 can be realized the communication between administrative departments at different levels easily, as higher level administrative department, information is circulated a notice of or is supervised in the issue of administrative department of subordinate extremely, users at different levels login treatment progress and the auditing result of the current abnormal alarm information of rear roll display and described current abnormal alarm information, can make administrative department respond fast the supervisor of processing and emphasis abnormal alarm information, this module can facilitate the interchange between all levels of management personnel simultaneously;
in the present embodiment, the treatment system of described abnormal alarm information is at first by the abnormal alarm information on the information acquisition module collection network, then by the Certificate Authority module, the user of the treatment system of logining described abnormal alarm information is carried out authentication, be the user grants access by authentication, analyze described user to the treatment state of described abnormal alarm information operating by monitoring analysis module Real Time Monitoring again, make described user can understand quickly and easily the treatment progress of described abnormal alarm information, described system can also circulate a notice of the processing auditing result of abnormal alarm information in real time, communication between convenient administrative departments at different levels.Described system organically combines abnormal alarm information, personnel, flow process etc., has improved the treatment effeciency of abnormal alarm information.
Embodiment two
Fig. 3 is the structural representation of the disclosed another kind of abnormal alarm information processing system of the embodiment of the present invention, and with reference to Fig. 3, the treatment system 10 of described abnormal alarm information can comprise:
Information acquisition module 101 is used for gathering the abnormal alarm information that safety analysis equipment produces;
Certificate Authority module 102 is used for the user of the treatment system of logining described abnormal alarm information is carried out authentication, and according to described the result to described user grants access scope;
Monitoring analysis module 103 is used for Real Time Monitoring and analyzes described user to the treatment state of described abnormal alarm information operating, and described treatment state is for indicating the situation of described abnormal alarm information processing process;
In the present embodiment, described analysis monitoring module 103 specifically can comprise:
Receive determination module 1031, be used for determining whether described abnormal alarm information is received;
Distribution determination module 1032 is used for determining whether described abnormal alarm information distributes;
Process determination module 1033, be used for determining whether described abnormal alarm information has begun to process;
Examine determination module 1034, be used for determining whether administrative center determines auditing result through examining to reach to the verification result of described abnormal alarm information;
Processing finishes determination module 1035, is used for determining whether described abnormal alarm information is disposed;
Message communicating module 104 is used for treatment state and the auditing result of circular abnormal alarm information in real time;
Statistics management module 301 is used for type, number of times, time, generation area and/or the auditing result of statistics abnormal alarm information, and exports the statistical report form that comprises described type, number of times, time, generation area and/or auditing result;
Described statistics management module 301 can the described abnormal alarm information of statistic record relevant information, and can export statistical report form, the statistical report form here can be exported in a variety of forms, such as cake chart, block diagram, curve chart etc., described statistical report form can be used as the purposes such as the daily O﹠M of administrative departments at different levels, supervisor, abnormal alarm information analysis;
Abnormal monitoring module 302 is used for according to described abnormal alarm information, monitoring analysis being carried out in the access behavior of abnormal alarm main frame, and goes out according to described monitoring analysis interpretation of result the reason that described abnormal alarm information produces;
Wherein, described abnormal alarm main frame is for producing the equipment with IP address of described abnormal alarm information, close supervision is carried out in 302 pairs of access behaviors that produce the main frame of abnormal alarm information of described abnormal monitoring module, analyze its warning reason, be convenient to administrative department to the work for the treatment of of abnormal alarm information.
in the present embodiment, the treatment system of described abnormal alarm information is at first by the abnormal alarm information on the information acquisition module collection network, then by the Certificate Authority module, the user of the treatment system of logining described abnormal alarm information is carried out authentication, be the user grants access by authentication, analyze described user to the treatment state of described abnormal alarm information operating by monitoring analysis module Real Time Monitoring again, can circulate a notice of in real time by the message communicating module processing auditing result of abnormal alarm information, communication between convenient administrative departments at different levels, make described user can understand quickly and easily the treatment progress of described abnormal alarm information, described system can also monitoring analysis abnormal alarm main frame the access behavior, analyze the reason of alarm generation.This system organically combines abnormal alarm information, personnel, flow process etc., has improved the treatment effeciency of abnormal alarm information.
Embodiment three
Fig. 4 is a kind of schematic flow sheet of the disclosed abnormal alarm information processing method of the embodiment of the present invention, and with reference to shown in Figure 4, the processing method of abnormal alarm information can comprise:
Step 401: gather the abnormal alarm information that safety analysis equipment produces;
Step 402: the user to the treatment system of logining described abnormal alarm information carries out authentication, and according to described the result to described user grants access scope;
Step 403: Real Time Monitoring is analyzed described user to the treatment state of described abnormal alarm information operating;
Wherein, described treatment state is for indicating the situation of described abnormal alarm information processing process; With reference to figure 5, in actual applications, described step 403 specifically can comprise the following steps:
Step 501: determine whether described abnormal alarm information is received;
Step 502: determine whether described abnormal alarm information distributes;
Step 503: determine whether described abnormal alarm information has begun to process;
Step 504: determine whether administrative center reaches definite auditing result through audit to the verification result of described abnormal alarm information;
Step 505: determine whether described abnormal alarm information is disposed.
Step 404: treatment state and the auditing result of circulating a notice of in real time described abnormal alarm information.
In the present embodiment, the processing method of described abnormal alarm information is the abnormal alarm information on collection network at first, then the user of the treatment system of logining described abnormal alarm information carried out authentication, be the user grants access by authentication, Real Time Monitoring is analyzed described user to the treatment state of described abnormal alarm information operating again, make described user can understand quickly and easily the treatment progress of described abnormal alarm information, described method can be circulated a notice of the processing auditing result of abnormal alarm information simultaneously in real time, the communication between convenient administrative departments at different levels.Described method organically combines abnormal alarm information, personnel, flow process etc., has improved the treatment effeciency of abnormal alarm information.
Embodiment four
Fig. 6 is the another kind of schematic flow sheet of the disclosed abnormal alarm information processing method of the embodiment of the present invention, and with reference to shown in Figure 6, the processing method of abnormal alarm information can comprise:
Step 601: gather the abnormal alarm information that safety analysis equipment produces;
Step 602: the user to the treatment system of logining described abnormal alarm information carries out authentication, and according to described the result to described user grants access scope;
Step 603: Real Time Monitoring is analyzed described user to the treatment state of described abnormal alarm information operating;
Step 604: treatment state and the auditing result of circulating a notice of in real time described abnormal alarm information;
Step 605: type, number of times, time, generation area and/or the auditing result of statistics abnormal alarm information, and output comprises the statistical report form of described type, number of times, time, generation area and/or auditing result;
Step 606: according to described abnormal alarm information, monitoring analysis is carried out in the access behavior of abnormal alarm main frame, and go out according to described monitoring analysis interpretation of result the reason that described abnormal alarm information produces.
In the present embodiment, at first the abnormal alarm information on collection network, then the user of the treatment system of logining described abnormal alarm information carried out authentication, be the user grants access by authentication, Real Time Monitoring is analyzed described user to the treatment state of described abnormal alarm information operating again, can circulate a notice of in real time the processing auditing result of abnormal alarm information, communication between convenient administrative departments at different levels makes described user can understand quickly and easily the treatment progress of described abnormal alarm information; Further, access behavior that can also monitoring analysis abnormal alarm main frame analyzes the reason of alarm generation.The present embodiment organically combines abnormal alarm information, personnel, flow process etc., has improved the treatment effeciency of abnormal alarm information.
Embodiment five
The present embodiment is in the situation that administrative department is divided into ministerial level, provincial, prefecture-level triode is managed department, the specific embodiment that abnormal alarm information, personnel and flow process are combined, wherein, ministerial level administrative department is highest administrative department, prefecture-level administrative department is lowermost level administrative department, that the treatment state of abnormal alarm information comprises is to be distributed, wait to receive, pending, process in, treat province's audit, economize audit not by, economize audit by, the section's for the treatment of audit, section's audit not by, section's audit by, ten kinds of states such as process.Fig. 7 is the state flow chart that the disclosed ministerial level of the embodiment of the present invention is processed abnormal alarm information, and is shown in Figure 7, and the state flow process that ministerial level administrative department processes abnormal alarm information can be:
Treatment system in described abnormal alarm information has received all abnormal alarm information, and the ministerial level administrative staff have been when having signed in on the treatment system of described abnormal alarm event, and described abnormal alarm information is in the reception state for the treatment of;
The ministerial level administrative staff enter state to be distributed after receiving described abnormal alarm information by operation;
The ministerial level administrative staff are with described abnormal alarm information or keep at the corresponding levels the processing, or are distributed to provincial newly-increased abnormal alarm information downwards, keep the abnormal alarm information of processing at the corresponding levels and transfer armed state to;
The ministerial level administrative staff trigger display page " processing " button, begin to process to keep the abnormal alarm information of processing at the corresponding levels, and described abnormal alarm information transfers state in processing to;
Ministerial level administrative center is highest administrative center, and the abnormal alarm information of processing does not need process audit again, and the abnormal alarm information that is disposed changes treatment state over to;
Verification result by the provincial pending abnormal alarm information of offering in provincial administrative department is in the section's for the treatment of audit state;
If described provincial pending abnormal alarm information exchange is crossed the ministerial level audit, then the section's of changing over to audit continues to change over to treatment state by state; If described provincial pending abnormal alarm information is not examined by ministerial level, state is not passed through in the section's of changing over to audit, and automatically is issued in provincial newly-increased abnormal alarm information, enters provincial corresponding flow process.
Fig. 8 is the state flow chart of the disclosed provincial processing abnormal alarm information of the embodiment of the present invention, and is shown in Figure 8, and the state flow process that provincial administrative department processes abnormal alarm information can be:
When provincial administrative department had received on the treatment system that the abnormal alarm information that ministerial level administrative department issues and the abnormal alarm information of not examining by ministerial level and provincial administrative staff signed in to described abnormal alarm event, described abnormal alarm information was in the reception state for the treatment of;
Provincial administrative staff enter state to be distributed after receiving described abnormal alarm information by operation;
Provincial administrative staff are with described abnormal alarm information or keep at the corresponding levels the processing, or are distributed to prefecture-level newly-increased abnormal alarm information downwards, keep the abnormal alarm information of processing at the corresponding levels and transfer armed state to;
Provincial administrative staff trigger display page " processing " button, begin to process to keep the abnormal alarm information of processing at the corresponding levels, and described abnormal alarm information transfers state in processing to;
Provincial administrative staff will keep the verification result of the abnormal alarm information of processing at the corresponding levels and examine to ministerial level as provincial pending information reporting, change the section's for the treatment of audit state over to;
Be in by the prefecture-level pending information of offering in prefecture-level administrative department the province's audit state for the treatment of;
If described prefecture-level pending information exchange is crossed provincial audit, change province's audit over to by state, then the verification result of described abnormal alarm information is examined to ministerial level as provincial pending information reporting, change the section's for the treatment of audit state over to; If described prefecture-level pending abnormal alarm information not by provincial audit, changes province's audit over to not by state, and automatically is issued in prefecture-level newly-increased abnormal alarm information, enter prefecture-level corresponding flow process;
If described provincial pending abnormal alarm information exchange is crossed the ministerial level audit, then the section's of changing over to audit continues to change over to treatment state by state; If described provincial pending abnormal alarm information is not examined by ministerial level, state is not passed through in the section's of changing over to audit, and automatically is issued in provincial newly-increased abnormal alarm information, enters provincial corresponding flow process.
Fig. 9 is the state flow chart of the disclosed prefecture-level processing abnormal alarm information of the embodiment of the present invention, and is shown in Figure 9, and the state flow process that prefecture-level administrative department processes abnormal alarm information can be:
Prefecture-level administrative department received abnormal alarm information that provincial administrative department issues and not abnormal alarm information and the prefecture-level administrative staff by provincial audit signed in to described abnormal alarm event treatment system on the time, described abnormal alarm information is in the reception state for the treatment of;
Prefecture-level administrative staff enter armed state after receiving described abnormal alarm information by operation;
Prefecture-level administrative staff trigger display page " processing " button, begin to process abnormal alarm information, and described abnormal alarm information transfers state in processing to;
With the verification result of described abnormal alarm information as prefecture-level pending information reporting to provincial audit, change the province's audit state for the treatment of over to;
If described prefecture-level pending information exchange is crossed provincial audit, change province's audit over to by state, then the verification result of described abnormal alarm information is examined to ministerial level as provincial pending information reporting, change the section's for the treatment of audit state over to; If described prefecture-level pending information not by provincial audit, changes province's audit over to not by state, and automatically is issued in prefecture-level newly-increased abnormal alarm information, enter prefecture-level corresponding flow process;
If described provincial pending information exchange is crossed the ministerial level audit, then the section's of changing over to audit continues to change over to treatment state by state; If described provincial pending abnormal alarm information is not examined by ministerial level, state is not passed through in the section's of changing over to audit, and automatically is issued in provincial newly-increased abnormal alarm information, enters provincial corresponding flow process.
In the process of processing abnormal alarm information, can give relevant administrative staff with the treatment state of abnormal alarm event and emphasis supervisor's the timely circular of abnormal alarm information by communication equipment, make the response of each abnormal alarm information process more accurately rapid.
In the present embodiment, the handling process of described administrative departments at different levels to the abnormal alarm event, reasonable not only, and implement convenient and swiftly, and organically abnormal alarm information, personnel, flow process etc. are combined, improved the treatment effeciency of abnormal alarm information.
The system and method for describing in conjunction with embodiment disclosed herein can directly use the software module of hardware, processor execution, and perhaps both combination is implemented.Software module can be placed in the storage medium of any other form known in random asccess memory (RAM), internal memory, read-only memory (ROM), electrically programmable ROM, electrically erasable ROM, register, hard disk, moveable magnetic disc, CD-ROM or technical field.
To the above-mentioned explanation of the disclosed embodiments, make this area professional and technical personnel can realize or use the present invention.Multiple modification to these embodiment will be apparent concerning those skilled in the art, and General Principle as defined herein can be in the situation that do not break away from the spirit or scope of the present invention, realization in other embodiments.Therefore, the present invention will can not be restricted to these embodiment shown in this article, but will meet the widest scope consistent with principle disclosed herein and features of novelty.