CN103809981A - Method and system for acquiring records through operation of general file system - Google Patents
Method and system for acquiring records through operation of general file system Download PDFInfo
- Publication number
- CN103809981A CN103809981A CN201410066581.9A CN201410066581A CN103809981A CN 103809981 A CN103809981 A CN 103809981A CN 201410066581 A CN201410066581 A CN 201410066581A CN 103809981 A CN103809981 A CN 103809981A
- Authority
- CN
- China
- Prior art keywords
- module
- file
- user
- information
- state
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 35
- 238000004891 communication Methods 0.000 claims abstract description 90
- 230000009471 action Effects 0.000 claims description 20
- 238000009434 installation Methods 0.000 claims description 13
- 238000012545 processing Methods 0.000 claims description 11
- 230000005540 biological transmission Effects 0.000 claims description 7
- 238000000605 extraction Methods 0.000 claims description 5
- 230000008569 process Effects 0.000 claims description 5
- 238000001514 detection method Methods 0.000 claims description 3
- 238000011084 recovery Methods 0.000 claims description 3
- 230000006399 behavior Effects 0.000 abstract description 15
- 230000006872 improvement Effects 0.000 abstract description 4
- 238000007405 data analysis Methods 0.000 abstract description 3
- 238000012217 deletion Methods 0.000 description 7
- 230000037430 deletion Effects 0.000 description 7
- 230000004044 response Effects 0.000 description 6
- 230000002688 persistence Effects 0.000 description 5
- 230000006870 function Effects 0.000 description 4
- 238000005516 engineering process Methods 0.000 description 3
- 230000009286 beneficial effect Effects 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 238000012423 maintenance Methods 0.000 description 2
- 238000005457 optimization Methods 0.000 description 2
- 230000002085 persistent effect Effects 0.000 description 2
- 238000004458 analytical method Methods 0.000 description 1
- 230000003542 behavioural effect Effects 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 230000007812 deficiency Effects 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 238000001914 filtration Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
Images
Abstract
The invention relates to a method for acquiring records through operation of a general file system. The method includes the following steps that firstly, a file operation intercept and capture module and an external file system are connected; secondly, whether the file operation intercept and capture module and the external file system are connected for the first time or not is judged, if yes, the third step is executed, and if not, the fourth step is executed; thirdly, a communication device is built for an idle device number which does not correspond to any communication device, and the built communication device and the idle device number are connected; fourthly, intercept and capture command information is received and sent to the file operation intercept and capture module; fifthly, operation information is intercepted and captured according to the intercept and capture command information; sixthly, the intercepted and captured operation information is sent to the communication device, and the received file operation information is sent to a user state operating record module; seventhly, the processed operation information is written in storage space according to different types; eighthly, the connection is switched off, and unloading is finished. The characteristics of user operation are grasped according to the level of the file system, and convenience is brought to further data analysis based on user behaviors and characteristic improvement of the file system.
Description
Technical field
The method and system of record are obtained in the operation that the present invention relates to a kind of universal document system.
Background technology
Linux has become one of first-selected platform of information security field and enterprise-level application and exploitation, and increasing system depends on the Linux platform of stablizing with popular day by day and disposes.And the characteristic of increasing income of Linux also caused numerously on this platform meeting different demands, there are the various file system of different qualities to emerge in an endless stream, and also depending on specific file system, different system-level application bringing into play oneself advantage.
Obtain the inner concrete behavior of file system, understand focus and private data, not only the optimization of upper layer application is had to certain directive significance, simultaneously the operating characteristic analysis to user, to the behavior tracking of upper layer application, to file system performance, optimization is all significant.And hidden on the difference in realization of different file and business documentation system interface caused great difficulty to the concrete behavior of obtaining file system inside.
In the face of different file system, Linux is providing the Switch to the abstract VFS(Virtual File of the unification of numerous file system System).By VFS level of abstraction, the file system that meets VFS interface just can be used on Linux platform.Therefore start with and make to obtain the inner concrete behavior of file system and become possibility from VFS layer.And modularization load mechanism LKM(loadable kernel module is intercepted and captured in Linux file operation), this method is simplified in realization more with quick.
Not yet find the domestic correlation technique solution relevant issues that have.
Summary of the invention
Technical matters to be solved by this invention is, for the deficiencies in the prior art, to provide a kind of operation of the universal document system based on Linux that has solved the problem of obtaining file system operation to obtain the method for record.
The technical scheme that the present invention solves the problems of the technologies described above is as follows: the method for record is obtained in a kind of operation of universal document system, specifically comprises the following steps:
Step 1: it is that module is intercepted and captured in file operation and foreign file system connects that Unload module is installed;
Step 2: judge whether whether module is intercepted and captured in file operation is and foreign file system first connection if so, to perform step 3; Otherwise, execution step 4;
Step 3: file operation is intercepted and captured module the free device number that does not have corresponding communication facilities is created to communication facilities, and the communication facilities creating is created and is connected with free device number;
Step 4: user's state equipment operating module receives the intercepting and capturing instruction of user's input, and intercept and capture module transmission to file operation and intercept and capture command information;
Step 5: file operation intercepting and capturing module is intercepted and captured the operation information of file from foreign file system according to described intercepting and capturing command information;
Step 6: file operation is intercepted and captured module the operation information of the file of intercepting and capturing is sent to communication facilities, and the operation information of the file receiving is sent to user's state operation note module by communication facilities;
Step 7: user's state operation note module is processed described operation information, and by operation information after treatment according to the dissimilar storage space that writes;
Step 8: file operation is intercepted and captured module and disconnected being connected of free device number and communication facilities, installs Unload module and disconnects being connected of file operation intercepting and capturing module and foreign file system, completes unloading.
The invention has the beneficial effects as follows: the present invention grasps the feature of user's operation from file system level, be convenient to further data analysis and the improved properties of file system etc. based on user behavior; Provide a kind of operation of the universal document system based on Linux to obtain and recording method, hyalomere is deployed in different file system, effectively obtain operation inner in different file, avoid the development and maintenance cost causing because of file system otherness, simplified the data reserve flow process of file system behavior.
On the basis of technique scheme, the present invention can also do following improvement.
The operation information of the foreign file system that further, described file operation intercepting and capturing module is obtained comprises the mount point path of foreign file system and the action type information of needs record.
Further, described step 5 specifically comprises the following steps:
Step 5.1: file operation is intercepted and captured module and judged whether to process the intercepting and capturing command information that user's state equipment operating module sends, if processed, execution step 5.2; Otherwise, execution step 6;
Step 5.2: file operation is intercepted and captured module and judged whether that execution intercepting and capturing command information obtains file system handle, if so, carries out next step, otherwise, execution step 5.5;
Step 5.4: open mount point and obtain the data structure that VFS Virtual File System is relevant, preserve and revise the data structure that VFS Virtual File System is relevant, and preserve the virgin state of current state quilt and Update Table structure, and open the mount point of closing, return to execution step 5.1;
Step 5.5: judge whether that execution intercepting and capturing command information obtains the data of assigned operation, if so, carries out next step; Otherwise, execution step 5.8;
Step 5.6: trigger corresponding operation by VFS Virtual File System, obtain file system and the data of this operation;
Step 5.7: filter required partial data in the data obtained, and the partial data obtaining copies in user's space, call the respective operations of bottom document system, return to execution step 5.1;
Step 5.8: judge whether executable operations request recovery file system handle, if so, carry out next step, otherwise, execution step 5.1;
Step 5.9: open mount point and obtain the data structure that VFS Virtual File System is relevant, reading and saving is in the relevant data structure of VFS Virtual File System, and returns to virgin state; Close mount point, return to execution step 5.1.
Further, step 6 specifically comprises the following steps:
Step 6.1: file operation is intercepted and captured module and opened communication facilities with read-write mode;
Step 6.2: module transmission mount point path is intercepted and captured in file operation and action type information sends to communication facilities;
Step 6.3: the operation information of the file receiving is sent to user's state operation note module by communication facilities.
Further, described step 7 specifically comprises the following steps:
Step 7.1: user's state operation note module is carried out initialization;
Step 7.2: user's state operation note module judges whether to receive the filesystem information that user's state equipment operating module sends, and if so, carries out next step; Otherwise, execution step 8;
Step 7.3: receive the filesystem information that user's state equipment operating module sends, filesystem information is carried out to pre-service;
Step 7.4: by pretreated information according to the dissimilar storage space that writes.
Further, described in described step 7.3, pre-service comprises Data classification, serializing and information extraction.
The technical scheme that the present invention solves the problems of the technologies described above is as follows: the system of record is obtained in a kind of operation of universal document system, comprising: Unload module, file operation intercepting and capturing module, communication facilities, user's state equipment operating module and user's state operation note module are installed;
Described installation Unload module is used to file operation to intercept and capture module and foreign file system and connects and disconnect, and disconnects being connected of free device number and communication facilities;
Described file operation is intercepted and captured module for obtaining the free device number that does not have corresponding communication facilities, and by free device number be connected with its corresponding associated communication facilities establishment; And file operation is intercepted and captured module for intercept and capture the operation information of file from foreign file system according to described intercepting and capturing command information; And the operation information of the file of intercepting and capturing is sent to communication facilities;
Described user's state equipment operating module is used for the intercepting and capturing instruction of the input that receives user, and intercepts and captures module transmission to file operation and intercept and capture command information;
The operation information of the file receiving is sent to user's state operation note module by described communication facilities;
Described user's state operation note module is for processing described operation information, and by operation information after treatment according to the dissimilar storage space that writes.
The invention has the beneficial effects as follows: the present invention grasps the feature of user's operation from file system level, be convenient to further data analysis and the improved properties of file system etc. based on user behavior; Provide a kind of operation of the universal document system based on Linux to obtain and register system, hyalomere is deployed in different file system, effectively obtain operation inner in different file, avoid the development and maintenance cost causing because of file system otherness, simplified the data reserve flow process of file system behavior.
On the basis of technique scheme, the present invention can also do following improvement.
Further, described installation Unload module comprises authority judge module, belongs to pack module and link block;
Whether described authority judge module has the authority of operation installation Unload module for detection of user;
Described genus pack module is used for obtaining user profile, as the genus group of communication facilities;
Described link block connects for intercepting and capturing module with file operation.
Further, described file operation intercepting and capturing module comprises open communication EM equipment module, forwarding module, obtains operational module and sending module;
The mount point path of the file system that described open communication EM equipment module is obtained for received communication equipment and the action type that will record, be recorded to described action type in action type set, and open communication facilities with read-write mode;
Described forwarding module is used for sending mount point path and operation type set is incorporated into communication facilities;
The described operational module that obtains is for obtaining the operation of specific operation type set, and sends operation requests to communication facilities, the relevant operation information of assigned operation type set of received communication equipment feedback;
Described sending module is for sending to user's state operation note module by the operation information obtaining.
Further, described user's state operation note module comprises initialization module, receiving processing module and memory module;
Described initialization module is for carrying out initialization to user's state operation note module;
The filesystem information that described receiving processing module sends for receiving user's state equipment operating module, carries out pre-service to filesystem information;
Described memory module is used for pretreated information according to the dissimilar storage space that writes.
Further, described in described receiving processing module, pre-service comprises Data classification, serializing and information extraction.
When described installation Unload module completes the operation of file operation intercepting and capturing module loading, need to load particular file operation and intercept and capture module and create device node according to specific primary and secondary device number; When module is intercepted and captured in uninstall file operation, module is intercepted and captured in the file operation that need to remove loading, deletes the device node creating;
Described user's state equipment operating module has been eliminated the limitation of controlling at kernel state, has strengthened the function of communicating pair; First open communication facilities and monitor, then initiate according to demand request, as obtain file system handle, obtain inquiry and create the operations such as deletion, obtain the operation information of the operations such as inquiry, establishment or deletion etc., finally receive to reply and obtain information needed;
The operation requests of module for arranging according to user's state equipment operating module intercepted and captured in described file operation, carries out the operation of respective file intercept and capture at kernel state, obtains the data structure of VFS Virtual File System, obtains the service data via VFS Virtual File System; And the response operation of response control, first the equipment that registration is installed, receive the control request of user's state, carry out different logics and operation according to different control requests, as obtain file system handle, obtain inquiry and create deletions and wait operation, obtain inquiry and create to delete and wait the content of operation etc. operating, then related data is delivered to user's state space;
Described user's state operation note module, can be by the operation store of intercepting and capturing in file, database storage system by user's state, file system behavior being carried out to persistence operation; Make full use of ripe memory interface and storage mode; Record operation, is first to obtain the information that kernel state that user's state control module obtains transmits, and the type feature providing according to control module, is saved in information in follow-up storage, is saved in database as the mode writing in files with stream or in the mode of record.
Accompanying drawing explanation
Fig. 1 is the method flow diagram that record is obtained in the operation of a kind of universal document system described in the specific embodiment of the invention 1;
Fig. 2 is that the operational flowchart that in the method for record, communication facilities is installed is obtained in the operation of a kind of universal document system described in the specific embodiment of the invention 1;
Fig. 3 is the operational flowchart that user's state control communication facilities in the method for record is obtained in the operation of a kind of universal document system described in the specific embodiment of the invention 1;
Fig. 4 is the operational flowchart that kernel state device responds control in the method for record is obtained in the operation of a kind of universal document system described in the specific embodiment of the invention 1;
Fig. 5 is the operational flowchart that user's state log file system action in the method for record is obtained in the operation of a kind of universal document system described in the specific embodiment of the invention 1;
Fig. 6 is the operational flowchart that communication facilities unloading in the method for record is obtained in the operation of a kind of universal document system described in the specific embodiment of the invention 1;
Fig. 7 is the system architecture diagram that record is obtained in the operation of a kind of universal document system described in the specific embodiment of the invention 1;
Fig. 8 is the structured flowchart that module is intercepted and captured in the file operation described in the specific embodiment of the invention 1.
In accompanying drawing, the list of parts of each label representative is as follows:
1, Unload module is installed, 2, user's state equipment operating module, 3, file operation intercepts and captures module, 4 user's state operation note modules, 5, communication facilities, 11, authority judge module, 12, belong to pack module, 13, link block, 31, open communication EM equipment module, 32, forwarding module, 33, obtain operational module, 34, sending module, 41, initialization module, 42, receiving processing module, 43, memory module.
Embodiment
Below in conjunction with accompanying drawing, principle of the present invention and feature are described, example, only for explaining the present invention, is not intended to limit scope of the present invention.
As shown in Figure 1, obtain the method for record for the operation of a kind of universal document system described in the specific embodiment of the invention 1, specifically comprise the following steps:
Step 1: it is that module is intercepted and captured in file operation and foreign file system connects that Unload module is installed;
Step 2: judge whether whether module is intercepted and captured in file operation is and foreign file system first connection if so, to perform step 3; Otherwise, execution step 4;
Step 3: file operation is intercepted and captured module the free device number that does not have corresponding communication facilities is created to communication facilities, and the communication facilities creating is created and is connected with free device number;
Step 4: user's state equipment operating module receives the intercepting and capturing instruction of user's input, and intercept and capture module transmission to file operation and intercept and capture command information;
Step 5: file operation intercepting and capturing module is intercepted and captured the operation information of file from foreign file system according to described intercepting and capturing command information;
Step 6: file operation is intercepted and captured module the operation information of the file of intercepting and capturing is sent to communication facilities, and the operation information of the file receiving is sent to user's state operation note module by communication facilities;
Step 7: user's state operation note module is processed described operation information, and by operation information after treatment according to the dissimilar storage space that writes;
Step 8: file operation is intercepted and captured module and disconnected being connected of free device number and communication facilities, installs Unload module and disconnects being connected of file operation intercepting and capturing module and foreign file system, completes unloading.
As shown in Figure 2, obtain for the operation of a kind of universal document system described in the specific embodiment of the invention 1 operational flowchart that in the method for record, communication facilities is installed, concrete steps are as follows:
Step 201: check whether user right can be used, because establishment equipment and load driver have certain risk, if Insufficient privilege directly exits, authority normally performs step 202;
Step 202: obtain particular group of users information, as the genus group of equipment;
Step 203: load specified file operation and intercept and capture module in kernel;
Step 204: whether successfully judge that module is intercepted and captured in load document operation, if unsuccessful, directly exit, otherwise execution step 205;
Step 205: obtain idle major device number, can obtain by filtering devices file under proc file system;
Step 206: judge whether the device number equipment of specifying exists, and exists and directly exits, otherwise execution step 207;
Step 207: create equipment according to primary and secondary device number;
Step 208: give correct user's group and the authority of equipment of new establishment, then completed the installation of communication facilities, normally exit.
As shown in Figure 3, obtain the operational flowchart of user's state control communication facilities in the method for record for the operation of a kind of universal document system described in the specific embodiment of the invention 1, concrete steps are as follows:
Step 301: obtain the mount point path of target file system and the action type that will record, action type can be establishment, deletion, access to content, the metadata access to soft or hard link, file, catalogue, rename etc.;
Step 302: open communication facilities with read-write mode;
Step 303: judge whether successfully communication facilities is opened, successful execution step 304, otherwise execution step 309;
Step 304: send mount point path and action type set to communication facilities;
Step 305: judge whether to stop obtaining file system behavior, continue to obtain execution step 306, otherwise execution step 309;
Step 306: obtain the operation in the set of assigned operation type;
Step 307: receive relevant operation and the data of assigned operation type set, the data receiver of kernel state is arrived to user's state;
Step 308: file system behavioural information is sent to logging modle, continue execution step 305;
Step 309: send the finish command to communication apparatus and close this equipment.
As shown in Figure 4, for the operational flowchart of kernel state device responds control in the method for record is obtained in the operation of a kind of universal document system described in the specific embodiment of the invention 1, step 401, step 402, step 403 automatically perform when loading kernel.Concrete steps are as follows:
Step 401: initialization exclusive reference resource;
Step 402: distribute primary and secondary device number, Linux provides two kinds of strategies of dynamic static allocation device number;
Step 403: initialization character device, and be registered in kernel;
Step 404: judge whether to process the control information that user's state sends, if do not processed and directly exit, otherwise execution step 405;
Step 405: judge whether that fill order obtains file system handle, if do not carried out this command execution step 409, otherwise execution step 406;
Step 406: open mount point and obtain the data structure that VFS is relevant, comprise file object, file_operations object and inode_operations object etc.;
Step 407: preserve and revise the data structure that VFS is relevant, be embodied in the function pointer corresponding to action type that will obtain is substituted in corresponding inode_operations object;
Step 408: preserve and be modified virgin state and the current state of data structure, and open close mount point, perform step 404 after carrying out this step;
Step 409: judge whether that fill order obtains the data of assigned operation, if do not carried out this command execution step 414, otherwise execution step 410;
Step 410: trigger corresponding operation by VFS;
Step 411: the file system DBMS that obtains this operation;
Step 412: filter part required in above-mentioned data, and copy to user's space;
Step 413: call the respective operations of bottom document system, perform step 404 after carrying out this step;
Step 414: judge whether fill order recovery file system handle, if do not carried out this command execution step 404, otherwise execution step 415;
Step 415: open mount point and obtain the data structure that VFS is relevant;
Step 416: the relevant data structure of VFS of reading and saving, and return to virgin state;
Step 417: close mount point, perform step 404 after being finished.
As shown in Figure 5, obtain the operational flowchart of user's state log file system action in the method for record for the operation of a kind of universal document system described in the specific embodiment of the invention 1, concrete steps are as follows:
Step 501: initialization operation logging modle, as open the interface of persistence file or initialization persistent storage;
Step 502: judge whether to receive the file system behavior that user's state control communication module sends, do not receive and directly exit, otherwise execution step 503;
Step 503: receive the file system behavior that user's state control communication device module sends;
Step 504: file system behavior is carried out to pre-service, as carry out Data classification, serializing, information extraction etc.;
Step 505: the data that above-mentioned steps is produced write persistence file, performs step 502 after completing this step.
As shown in Figure 6, obtain the operational flowchart of communication facilities unloading in the method for record for the operation of a kind of universal document system described in the specific embodiment of the invention 1, concrete steps are as follows:
Step 601: check whether active user's authority can be used, as Insufficient privilege directly exits, otherwise execution step 602;
Step 602: delete specified file operation and intercept and capture module;
Step 603: judge that whether the unloading of file operation intercepting and capturing module is successful, directly exit as unsuccessful, otherwise execution step 604;
Step 604: delete designated equipment, normally exit.
As shown in Figure 7, obtain the system of record for the operation of a kind of universal document system described in the specific embodiment of the invention 1, comprising: Unload module 1 is installed, module 3, communication facilities 5, user's state equipment operating module 2 and user's state operation note module 4 are intercepted and captured in file operation;
Described installation Unload module 1 is used to file operation to intercept and capture module 3 and connects and disconnect with foreign file system, and disconnects being connected of free device number and communication facilities; ;
Described file operation is intercepted and captured module 3 for obtaining the free device number that does not have corresponding communication facilities, and by free device number with create connection with its corresponding associated communication facilities 5; And file operation is intercepted and captured module 3 for intercept and capture the operation information of file from foreign file system according to described intercepting and capturing command information; And the operation information of the file of intercepting and capturing is sent to communication facilities 5;
Described user's state equipment operating module 2 is for receiving user's the intercepting and capturing instruction of input, and intercepts and captures module 3 to file operation and send and intercept and capture command informations;
The operation information of the file receiving is sent to user's state operation note module 4 by described communication facilities 5;
Described user's state operation note module 4 is for described operation information is processed, and by operation information after treatment according to the dissimilar storage space that writes.
Described installation Unload module 1 comprises authority judge module 11, belongs to pack module 12 and link block 13;
Whether described authority judge module 11 has the authority of operation installation Unload module for detection of user;
Described genus pack module 12 is for obtaining user profile, as the genus group of communication facilities;
Described link block 13 connects for intercepting and capturing module 3 with file operation.
Described file operation is intercepted and captured module 3 and is comprised open communication EM equipment module 31, forwarding module 32, obtains operational module 33 and sending module 34;
The mount point path of the file system that described open communication EM equipment module 31 is obtained for received communication equipment 5 and the action type that will record, be recorded to described action type in action type set, and open communication facilities 5 with read-write mode;
Described forwarding module 32 is incorporated into communication facilities 5 for sending mount point path and operation type set;
The described operational module 33 that obtains is for obtaining the operation of specific operation type set, and sends operation requests to communication facilities 5, the relevant operation information of assigned operation type set that received communication equipment 5 feeds back;
Described sending module 34 is for sending to the operation information obtaining user's state operation note module 4.
Described user's state operation note module 4 comprises initialization module 41, receiving processing module 42 and memory module 43;
Described initialization module 41 is for carrying out initialization to user's state operation note module;
The filesystem information that described receiving processing module 42 sends for receiving user's state equipment operating module 2, carries out pre-service to filesystem information;
Described memory module 43 for by pretreated information according to the dissimilar storage space that writes.
Described in described receiving processing module 42, pre-service comprises Data classification, serializing and information extraction.
When described installation Unload module 1 completes the operation of file operation intercepting and capturing module loading, need to load particular file operation and intercept and capture module and create device node according to specific primary and secondary device number; When module is intercepted and captured in uninstall file operation, module is intercepted and captured in the file operation that need to remove loading, deletes the device node creating;
Described user's state equipment operating module 2 has been eliminated the limitation of controlling at kernel state, has strengthened the function of communicating pair; First open communication facilities and monitor, then initiate according to demand request, as obtain file system handle, obtain inquiry and create the operations such as deletion, obtain the operation information of the operations such as inquiry, establishment or deletion etc., finally receive to reply and obtain information needed;
The operation requests of module 3 for arranging according to user's state equipment operating module intercepted and captured in described file operation, carries out the operation of respective file intercept and capture at kernel state, obtains the data structure of VFS Virtual File System, obtains the service data via VFS Virtual File System; And the response operation of response control, first the equipment that registration is installed, receive the control request of user's state, carry out different logics and operation according to different control requests, as obtain file system handle, obtain inquiry and create deletions and wait operation, obtain inquiry and create to delete and wait the content of operation etc. operating, then related data is delivered to user's state space;
Described user's state operation note module 4, can be by the operation store of intercepting and capturing in file, database storage system by user's state, file system behavior being carried out to persistence operation; Make full use of ripe memory interface and storage mode; Record operation, is first to obtain the information that kernel state that user's state control module obtains transmits, and the type feature providing according to control module, is saved in information in follow-up storage, is saved in database as the mode writing in files with stream or in the mode of record.
The realization of native system, depends on the kernel version of Linux, and the loading of intercepting and capturing module 1 for the installation unloading of equipment and file operation on different linux kernel versions is deleted and the relevant API of VFS layer has certain difference; For equipment, unloading is installed, uses the command-line tool of Linux to create sweep equipment and file operation intercepting and capturing module 3 effective function that must complete this module fast.Due to the thought of ubiquitous in Unix/Linux philosophy " all are file all ", can use equally the system call operating equipment of operation file in user's state.Module 3 is intercepted and captured in file operation need to realize device-dependent driving, and the mode host who intercepts and captures module 3 with file operation is in kernel state, and the operational order of response user state, copies the relevant kernel information of instruction.User's state is carried out record to file system operation, depend on the one hand the read-write interface of persistent storage, the data that user's state equipment operating module 2 is obtained are carried out persistence, the view externally providing is provided on the one hand, as the Record Comparison in different file, the frequency statistics of different operating, the hot statistics in different paths etc.
Concrete, the present invention also comprises following operation:
The operation that communication facilities is installed and unloaded;
The operation of user's state control communication facilities;
The response operation of kernel state device responds control;
The operation of user's state log file system action.
The foregoing is only preferred embodiment of the present invention, in order to limit the present invention, within the spirit and principles in the present invention not all, any modification of doing, be equal to replacement, improvement etc., within all should being included in protection scope of the present invention.
Claims (10)
1. a method for record is obtained in the operation of universal document system, it is characterized in that, specifically comprises the following steps:
Step 1: it is that module is intercepted and captured in file operation and foreign file system connects that Unload module is installed;
Step 2: judge whether whether module is intercepted and captured in file operation is and foreign file system first connection if so, to perform step 3; Otherwise, execution step 4;
Step 3: file operation is intercepted and captured module the free device number that does not have corresponding communication facilities is created to communication facilities, and the communication facilities creating is created and is connected with free device number;
Step 4: user's state equipment operating module receives the intercepting and capturing instruction of user's input, and intercept and capture module transmission to file operation and intercept and capture command information;
Step 5: file operation intercepting and capturing module is intercepted and captured the operation information of file from foreign file system according to described intercepting and capturing command information;
Step 6: file operation is intercepted and captured module the operation information of the file of intercepting and capturing is sent to communication facilities, and the operation information of the file receiving is sent to user's state operation note module by communication facilities;
Step 7: user's state operation note module is processed described operation information, and by operation information after treatment according to the dissimilar storage space that writes;
Step 8: file operation is intercepted and captured module and disconnected being connected of free device number and communication facilities, installs Unload module and disconnects being connected of file operation intercepting and capturing module and foreign file system, completes unloading.
2. the method for record is obtained in the operation of a kind of universal document system according to claim 1, it is characterized in that, the operation information of the foreign file system that file operation intercepting and capturing module is obtained comprises the mount point path of foreign file system and the action type information of needs record.
3. the method for record is obtained in the operation of a kind of universal document system according to claim 2, it is characterized in that, described step 5 specifically comprises the following steps:
Step 5.1: file operation is intercepted and captured module and judged whether to process the intercepting and capturing command information that user's state equipment operating module sends, if processed, execution step 5.2; Otherwise, execution step 6;
Step 5.2: file operation is intercepted and captured module and judged whether that execution intercepting and capturing command information obtains file system handle, if so, carries out next step, otherwise, execution step 5.5;
Step 5.4: open mount point and obtain the data structure that VFS Virtual File System is relevant, preserve and revise the data structure that VFS Virtual File System is relevant, and preserve the virgin state of current state quilt and Update Table structure, and open the mount point of closing, return to execution step 5.1;
Step 5.5: judge whether that execution intercepting and capturing command information obtains the data of assigned operation, if so, carries out next step; Otherwise, execution step 5.8;
Step 5.6: trigger corresponding operation by VFS Virtual File System, obtain file system and the data of this operation;
Step 5.7: filter required partial data in the data obtained, and the partial data obtaining copies in user's space, call the respective operations of bottom document system, return to execution step 5.1;
Step 5.8: judge whether executable operations request recovery file system handle, if so, carry out next step, otherwise, execution step 5.1;
Step 5.9: open mount point and obtain the data structure that VFS Virtual File System is relevant, reading and saving is in the relevant data structure of VFS Virtual File System, and returns to virgin state; Close mount point, return to execution step 5.1.
4. the method for obtaining record according to the operation of a kind of universal document system described in claim 1-3 any one, is characterized in that, step 6 specifically comprises the following steps:
Step 6.1: file operation is intercepted and captured module and opened communication facilities with read-write mode;
Step 6.2: module transmission mount point path is intercepted and captured in file operation and action type information sends to communication facilities;
Step 6.3: the operation information of the file receiving is sent to user's state operation note module by communication facilities.
5. the method for record is obtained in the operation of a kind of universal document system according to claim 4, it is characterized in that, described step 7 specifically comprises the following steps:
Step 7.1: user's state operation note module is carried out initialization;
Step 7.2: user's state operation note module judges whether to receive the filesystem information that user's state equipment operating module sends, and if so, carries out next step; Otherwise, execution step 8;
Step 7.3: receive the filesystem information that user's state equipment operating module sends, filesystem information is carried out to pre-service;
Step 7.4: by pretreated information according to the dissimilar storage space that writes.
6. the method for record is obtained in the operation of a kind of universal document system according to claim 5, it is characterized in that, pre-service described in described step 7.3 comprises Data classification, serializing and information extraction.
7. a system for record is obtained in the operation of universal document system, comprising: Unload module, file operation intercepting and capturing module, communication facilities, user's state equipment operating module and user's state operation note module are installed;
Described installation Unload module is used to file operation to intercept and capture module and foreign file system and connects and disconnect, and disconnects being connected of free device number and communication facilities;
Described file operation is intercepted and captured module for obtaining the free device number that does not have corresponding communication facilities, and by free device number be connected with its corresponding associated communication facilities establishment; And file operation is intercepted and captured module for intercept and capture the operation information of file from foreign file system according to described intercepting and capturing command information; And the operation information of the file of intercepting and capturing is sent to communication facilities;
Described user's state equipment operating module is used for the intercepting and capturing instruction of the input that receives user, and intercepts and captures module transmission to file operation and intercept and capture command information;
The operation information of the file receiving is sent to user's state operation note module by described communication facilities;
Described user's state operation note module is for processing described operation information, and by operation information after treatment according to the dissimilar storage space that writes.
8. the system of record is obtained in the operation of a kind of universal document system according to claim 7, it is characterized in that, described installation Unload module comprises authority judge module, belongs to pack module and link block;
Whether described authority judge module has the authority of operation installation Unload module for detection of user;
Described genus pack module is used for obtaining user profile, as the genus group of communication facilities;
Described link block connects for intercepting and capturing module with file operation.
9. the system of record is obtained in the operation of a kind of universal document system according to claim 8, it is characterized in that, described file operation is intercepted and captured module and comprised open communication EM equipment module, forwarding module, obtains operational module and sending module;
The mount point path of the file system that described open communication EM equipment module is obtained for received communication equipment and the action type that will record, be recorded to described action type in action type set, and open communication facilities with read-write mode;
Described forwarding module is used for sending mount point path and operation type set is incorporated into communication facilities;
The described operational module that obtains is for obtaining the operation of specific operation type set, and sends operation requests to communication facilities, the relevant operation information of assigned operation type set of received communication equipment feedback;
Described sending module is for sending to user's state operation note module by the operation information obtaining by communication facilities.
10. the system of record is obtained in the operation of a kind of universal document system according to claim 9, it is characterized in that, described user's state operation note module comprises initialization module, receiving processing module and memory module;
Described initialization module is for carrying out initialization to user's state operation note module;
The filesystem information that described receiving processing module sends for receiving user's state equipment operating module, carries out pre-service to filesystem information;
Described memory module is used for pretreated information according to the dissimilar storage space that writes.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410066581.9A CN103809981B (en) | 2014-02-26 | 2014-02-26 | The method that a kind of operation of universal document system obtains record |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410066581.9A CN103809981B (en) | 2014-02-26 | 2014-02-26 | The method that a kind of operation of universal document system obtains record |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103809981A true CN103809981A (en) | 2014-05-21 |
| CN103809981B CN103809981B (en) | 2017-06-23 |
Family
ID=50706807
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410066581.9A Expired - Fee Related CN103809981B (en) | 2014-02-26 | 2014-02-26 | The method that a kind of operation of universal document system obtains record |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103809981B (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101436151A (en) * | 2008-12-01 | 2009-05-20 | 成都索贝数码科技股份有限公司 | Data real time backup method and system based on file system |
| CN101719210A (en) * | 2009-12-25 | 2010-06-02 | 武汉大学 | File use control method based on linux platform digital copyright management |
| US20110040811A1 (en) * | 2009-08-17 | 2011-02-17 | International Business Machines Corporation | Distributed file system logging |
| US20130304778A1 (en) * | 2011-01-21 | 2013-11-14 | Thomson Licensing | Method for backward-compatible aggregate file system operation performance improvement, and respective apparatus |
-
2014
- 2014-02-26 CN CN201410066581.9A patent/CN103809981B/en not_active Expired - Fee Related
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101436151A (en) * | 2008-12-01 | 2009-05-20 | 成都索贝数码科技股份有限公司 | Data real time backup method and system based on file system |
| US20110040811A1 (en) * | 2009-08-17 | 2011-02-17 | International Business Machines Corporation | Distributed file system logging |
| CN101719210A (en) * | 2009-12-25 | 2010-06-02 | 武汉大学 | File use control method based on linux platform digital copyright management |
| US20130304778A1 (en) * | 2011-01-21 | 2013-11-14 | Thomson Licensing | Method for backward-compatible aggregate file system operation performance improvement, and respective apparatus |
Non-Patent Citations (1)
| Title |
|---|
| 孙康: "基于linux内核驱动的文件系统监控", 《中国优秀硕士学位论文全文数据库信息科技辑》 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103809981B (en) | 2017-06-23 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20210271558A1 (en) | Application level live synchronization across computing platforms such as cloud platforms | |
| US20200364194A1 (en) | Migration of a database management system to cloud storage | |
| US10891197B2 (en) | Consolidated processing of storage-array commands using a forwarder media agent in conjunction with a snapshot-control media agent | |
| US10419536B2 (en) | Consolidated processing of storage-array commands by a snapshot-control media agent | |
| US8738883B2 (en) | Snapshot creation from block lists | |
| US7610511B2 (en) | Journal migration method and data recovery management method | |
| CN102299904B (en) | System and method for realizing service data backup | |
| US8700570B1 (en) | Online storage migration of replicated storage arrays | |
| US20170344433A1 (en) | Apparatus and method for data migration | |
| US10108501B2 (en) | Terminal backup and recovery method | |
| CN103077243B (en) | The disposal route of file system access and system | |
| CN102495772B (en) | Characteristic-based terminal program cloud backup and recovery methods | |
| CN104714864A (en) | Intelligent computer data backup method | |
| CN103037004A (en) | Implement method and device of cloud storage system operation | |
| CN104202440A (en) | Method for identifying terminal, server and system | |
| CN102508735A (en) | Method for backing up and restoring terminal system based on cloud architecture | |
| KR20190050993A (en) | Update escalation system and method | |
| CN102495771A (en) | Terminal object classified backup and recovery methods based on cloud architecture | |
| CN103955405A (en) | Application management method and device | |
| CN102685194A (en) | Storage device migration and redirection | |
| CN104899049A (en) | File deletion method and device | |
| CN102541986A (en) | File operation monitoring and auditing method | |
| CN105867962A (en) | System upgrading method and device | |
| CN104156669A (en) | Computer information evidence obtaining system | |
| Arani et al. | An extended approach for efficient data storage in cloud computing environment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20170623 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |