CN103809981B - The method that a kind of operation of universal document system obtains record - Google Patents
The method that a kind of operation of universal document system obtains record Download PDFInfo
- Publication number
- CN103809981B CN103809981B CN201410066581.9A CN201410066581A CN103809981B CN 103809981 B CN103809981 B CN 103809981B CN 201410066581 A CN201410066581 A CN 201410066581A CN 103809981 B CN103809981 B CN 103809981B
- Authority
- CN
- China
- Prior art keywords
- file
- module
- information
- communication equipment
- interception module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
- 238000000034 method Methods 0.000 title claims abstract description 29
- 238000004891 communication Methods 0.000 claims abstract description 72
- 230000009471 action Effects 0.000 claims description 19
- 238000000605 extraction Methods 0.000 claims description 5
- 230000004048 modification Effects 0.000 claims description 4
- 238000012986 modification Methods 0.000 claims description 4
- 230000008569 process Effects 0.000 claims description 3
- 230000008859 change Effects 0.000 claims description 2
- 238000001914 filtration Methods 0.000 claims description 2
- 230000006399 behavior Effects 0.000 abstract description 19
- 238000007405 data analysis Methods 0.000 abstract description 3
- 230000004044 response Effects 0.000 description 10
- 238000012217 deletion Methods 0.000 description 9
- 230000037430 deletion Effects 0.000 description 9
- 238000009434 installation Methods 0.000 description 9
- 238000012545 processing Methods 0.000 description 7
- 230000002688 persistence Effects 0.000 description 5
- 230000005540 biological transmission Effects 0.000 description 4
- 230000006870 function Effects 0.000 description 4
- 230000006872 improvement Effects 0.000 description 3
- 241001269238 Data Species 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 2
- 238000012423 maintenance Methods 0.000 description 2
- 230000035800 maturation Effects 0.000 description 2
- 230000002085 persistent effect Effects 0.000 description 2
- 230000001960 triggered effect Effects 0.000 description 2
- 108091064702 1 family Proteins 0.000 description 1
- 238000004458 analytical method Methods 0.000 description 1
- 230000003542 behavioural effect Effects 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000005457 optimization Methods 0.000 description 1
- 238000002203 pretreatment Methods 0.000 description 1
- 230000006641 stabilisation Effects 0.000 description 1
- 238000011105 stabilization Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Abstract
The present invention relates to the method that a kind of operation of universal document system obtains record, comprise the following steps:1:Set up with foreign file system for file operation interception module and be connected;2:Judge whether it is first connection, if it is, performing step 3;Otherwise, step 4 is performed;3:Establishment communication equipment carried out to the free device number in the absence of correspondence communication equipment, and communication equipment to creating is connected with free device number establishment;4:Receive and sent to file operation interception module and intercept and capture command information;5:According to intercepting and capturing command information capturing operation information;6:The operation information of intercepting and capturing is sent to communication equipment, the operation information of the file that will be received is sent to User space operation note module;7:Operation information after treatment is write into memory space according to different type;8:Disconnect, complete unloading.The characteristics of present invention grasps user and operates from file system level, is easy to the improved properties etc. of data analysis and file system further based on user behavior.
Description
Technical field
The present invention relates to the method that a kind of operation of universal document system obtains record.
Background technology
Linux has become one of first-selected platform of information security field and enterprise-level application and exploitation, more and more
System depends on stabilization and Linux platform popular day by day to be disposed.And the characteristic of increasing income of Linux is also resulted on the platform
Numerous to meet different demands, the various file system for having different qualities emerge in an endless stream, and different system-level applications is also relied on
The advantage of oneself is played in specific file system.
File system inside concrete behavior is obtained, focus and private data is understood, the not only optimization to upper layer application has one
Fixed directive significance, while to the use specificity analysis of user, to the behavior tracking of upper layer application, optimizing to file system performance
All it is significant.And it is hidden on the different and business documentation system interface in realization of different file, to obtaining
Take the concrete behavior inside file system and cause great difficulty.
In face of different file system, Linux is there is provided the abstract VFS (Virtual of unification to numerous file system
File System Switch).By VFS level of abstractions, the file system for meeting VFS interfaces just can be obtained in Linux platform
To use.Therefore start with from VFS layers and make it possible to obtain file system inside concrete behavior.And Linux file operations are intercepted and captured
Modularization load mechanism LKM (loadable kernel module) so that this method more simplifies and quick in realization.
Not yet find that the country has correlation technique to solve relevant issues.
The content of the invention
The technical problems to be solved by the invention are, in view of the shortcomings of the prior art, there is provided one kind solves acquisition text
The method that universal document system based on the Linux operation of the problem of part system operatio obtains record.
The technical scheme that the present invention solves above-mentioned technical problem is as follows:A kind of operation of universal document system obtains record
Method, specifically includes following steps:
Step 1:It is that file operation interception module is connected with foreign file system foundation to install Unload module;
Step 2:Judge whether file operation interception module whether be with foreign file system first connection, if it is, holding
Row step 3;Otherwise, step 4 is performed;
Step 3:File operation interception module carries out establishment communication and sets to the free device number in the absence of correspondence communication equipment
It is standby, and communication equipment and free device number establishment to creating is connected;
Step 4:User space equipment operation module receives the intercepting and capturing instruction of the input of user, and to file operation interception module
Send and intercept and capture command information;
Step 5:File operation interception module intercepts and captures the behaviour of file according to the intercepting and capturing command information from foreign file system
Make information;
Step 6:The operation information of the file of intercepting and capturing is sent to communication equipment by file operation interception module, and communication equipment will
The operation information of the file for receiving is sent to User space operation note module;
Step 7:User space operation note module is processed the operation information, and the operation information after treatment is pressed
Memory space is write according to different type;
Step 8:File operation interception module disconnects the connection of free device number and communication equipment, installs Unload module and disconnects
File operation interception module and the connection of foreign file system, complete unloading.
The beneficial effects of the invention are as follows:The present invention from file system level grasp user operate the characteristics of, be easy to further
Data analysis based on user behavior and file system improved properties etc.;A kind of general file system based on Linux is provided
Operation of uniting is obtained and recording method, transparent to be deployed in different file system, effectively obtains inside in different file
Operation, it is to avoid the exploitation maintenance cost caused by file system otherness, simplifies the data reserve stream of file system behavior
Journey.
On the basis of above-mentioned technical proposal, the present invention can also do following improvement.
Further, the operation information of the foreign file system that the file operation interception module is obtained includes external file system
The mount point path of system and the action type information of needs record.
Further, the step 5 specifically includes following steps:
Step 5.1:File operation interception module judges whether to process the intercepting and capturing instruction that User space equipment operation module sends
Information, if treatment, performs step 5.2;Otherwise, step 6 is performed;
Step 5.2:File operation interception module judges whether to perform intercepts and captures command information acquisition file system handle, if
It is to perform next step, otherwise, performs step 5.5;
Step 5.4:Open mount point and obtain the related data structure of VFS Virtual File Systems, preserve and to change VFS virtual
The related data structure of file system, and preserve the reset condition of current state quilt and modification data structure, the extension of either on or off
Loading point, returns and performs step 5.1;
Step 5.5:Judge whether to perform and intercept and capture the data that command information obtains assigned operation, if it is, performing next step;
Otherwise, step 5.8 is performed;
Step 5.6:Corresponding operation is triggered by VFS Virtual File Systems, the file system and data of the operation is obtained;
Step 5.7:The partial data needed for the data for obtaining is filtered, and the partial data for obtaining copies to user's space
In, the respective operations of underlying file systems are called, return and perform step 5.1;
Step 5.8:Judge whether that performing operation requests recovers file system handle, if it is, next step is performed, otherwise,
Perform step 5.1;
Step 5.9:Open mount point and obtain the related data structure of VFS Virtual File Systems, reading and saving is virtual in VFS
The related data structure of file system, and return to reset condition;Mount point is closed, is returned and is performed step 5.1.
Further, step 6 specifically includes following step:
Step 6.1:File operation interception module opens communication equipment with read-write mode;
Step 6.2:File operation interception module sends mount point path and action type information is sent to communication equipment;
Step 6.3:The operation information of the file that communication equipment will be received is sent to User space operation note module.
Further, the step 7 specifically includes following steps:
Step 7.1:User space operation note module is initialized;
Step 7.2:User space operation note module judges whether to receive the file system that User space equipment operation module sends
System information, if it is, performing next step;Otherwise, step 8 is performed;
Step 7.3:The filesystem information that User space equipment operation module sends is received, filesystem information is carried out pre-
Treatment;
Step 7.4:Pretreated information is write into memory space according to different type.
Further, pretreatment described in the step 7.3 includes data classification, serializing and information extraction.
The technical scheme that the present invention solves above-mentioned technical problem is as follows:A kind of operation of universal document system obtains record
System, including:Unload module, file operation interception module, communication equipment, User space equipment operation module and User space behaviour are installed
Note down module;
The installation Unload module is used to be connected and disconnected from foreign file system foundation for file operation interception module
Connect, and disconnect the connection of free device number and communication equipment;
The file operation interception module is used to obtain the free device number in the absence of correspondence communication equipment, and the free time is set
Standby number and the communication equipment establishment connection of corresponding association;And file operation interception module is used to be instructed according to described intercepting and capturing
Information intercepts and captures the operation information of file from foreign file system;And the operation information of the file of intercepting and capturing is sent to communication equipment;
The User space equipment operation module is used for the intercepting and capturing instruction of the input for receiving user, and intercepts and captures mould to file operation
Block sends intercepts and captures command information;
The operation information of the file that the communication equipment will be received is sent to User space operation note module;
The User space operation note module is used to be processed the operation information, and by the operation information after treatment
Memory space is write according to different type.
The beneficial effects of the invention are as follows:The present invention from file system level grasp user operate the characteristics of, be easy to further
Data analysis based on user behavior and file system improved properties etc.;A kind of general file system based on Linux is provided
Operation of uniting is obtained and record system, transparent to be deployed in different file system, effectively obtains inside in different file
Operation, it is to avoid the exploitation maintenance cost caused by file system otherness, simplifies the data reserve stream of file system behavior
Journey.
On the basis of above-mentioned technical proposal, the present invention can also do following improvement.
Further, the installation Unload module includes authority judge module, category group module and link block;
The authority judge module is used to detect whether user there is operation to install the authority of Unload module;
The category group module is used to obtain user profile, used as the category group of communication equipment;
The link block is used to be connected with the foundation of file operation interception module.
Further, the file operation interception module includes open communication EM equipment module, forwarding module, obtains operation module
And sending module;
The open communication EM equipment module is used for the mount point path of the file system that receiving communication device is obtained and to remember
The action type of record, during the action type recorded into action type set, and opens communication equipment with read-write mode;
The forwarding module is used to send mount point path and action type set to communication equipment;
The operation module that obtains is used to obtain the operation in specific operation type set, and sends operation requests to communication
Equipment, the operation information of the assigned operation type set correlation of receiving communication device feedback;
The sending module is used to for the operation information of acquisition to be sent to User space operation note module.
Further, the User space operation note module includes initialization module, receiving processing module and memory module;
The initialization module is used to initialize User space operation note module;
The receiving processing module is used to receive the filesystem information of User space equipment operation module transmission, to file system
System information is pre-processed;
The memory module is used to for pretreated information to write memory space according to different type.
Further, pretreatment described in the receiving processing module includes data classification, serializing and information extraction.
The installation Unload module completes to be cut, it is necessary to load particular file operation during the loading operation of file operation interception module
Obtain module and device node is created according to specific primary and secondary device number;, it is necessary to remove loading during uninstall file operation interception module
File operation interception module, deletes the device node for creating;
The User space equipment operation module eliminates the limitation being controlled in kernel state, enhances communicating pair
Function;It is first turned on communication equipment to be monitored, request is then initiated according to demand, such as obtain file system handle, acquisition is looked into
The operations such as establishment deletion are ask, operation informations of operation such as inquiry, establishment or deletion etc. are obtained, is finally received needed for response is obtained and is believed
Breath;
The file operation interception module is used for the operation requests set according to User space equipment operation module, in kernel state
The operation for carrying out respective file is intercepted and captured, and obtains the data structure of VFS Virtual File Systems, is obtained via VFS Virtual File Systems
Peration data;And the response operation of response control, the equipment that installation is registered first, the control data of User space is received, according to
Different control datas carries out different logical sum operations, as obtained file system handle, obtains inquiry and creates the operation such as deletion,
Obtain inquiry and create operation contents of operation such as deletion etc., related data is then delivered to user's state space;
The User space operation note module carries out persistence operation by User space to file system behavior, can be by
The operation of intercepting and capturing is stored in file, database storage system;Make full use of the memory interface and storage mode of maturation;Record
Operation, is the information for obtaining the kernel state transmission that User space control module is obtained first, special according to the type that control module is provided
Levy, information is saved in follow-up storage, file is such as write in a streaming manner or database is saved in the way of recording.
Brief description of the drawings
Fig. 1 is that a kind of operation of the universal document system described in the specific embodiment of the invention 1 obtains the method flow for recording
Figure;
Fig. 2 leads in obtaining the method for recording for a kind of operation of the universal document system described in the specific embodiment of the invention 1
The operational flowchart that letter equipment is installed;
Fig. 3 is used in obtaining the method for recording for a kind of operation of the universal document system described in the specific embodiment of the invention 1
Family state controls the operational flowchart of communication equipment;
Fig. 4 is interior in a kind of method of the operation acquisition record of the universal document system described in the specific embodiment of the invention 1
The operational flowchart of core state equipment response control;
Fig. 5 is used in obtaining the method for recording for a kind of operation of the universal document system described in the specific embodiment of the invention 1
The operational flowchart of family state log file system action;
Fig. 6 leads in obtaining the method for recording for a kind of operation of the universal document system described in the specific embodiment of the invention 1
The operational flowchart of letter equipment unloading;
Fig. 7 is that a kind of operation of the universal document system described in the specific embodiment of the invention 1 obtains the system architecture for recording
Block diagram;
Fig. 8 is the structured flowchart of the file operation interception module described in the specific embodiment of the invention 1.
In accompanying drawing, the list of parts representated by each label is as follows:
The 1st, Unload module be installed, 2, User space equipment operation module, 3, file operation interception module, 4 User spaces operation note
Record module, 5, communication equipment, 11, authority judge module, 12, category group module, 13, link block, 31, open communication equipment mould
Block, 32, forwarding module, 33, obtain operation module, 34, sending module, 41, initialization module, 42, receiving processing module, 43,
Memory module.
Specific embodiment
Principle of the invention and feature are described below in conjunction with accompanying drawing, example is served only for explaining the present invention, and
It is non-for limiting the scope of the present invention.
As shown in figure 1, a kind of operation of the universal document system described in the specific embodiment of the invention 1 obtains the side of record
Method, specifically includes following steps:
Step 1:It is that file operation interception module is connected with foreign file system foundation to install Unload module;
Step 2:Judge whether file operation interception module whether be with foreign file system first connection, if it is, holding
Row step 3;Otherwise, step 4 is performed;
Step 3:File operation interception module carries out establishment communication and sets to the free device number in the absence of correspondence communication equipment
It is standby, and communication equipment and free device number establishment to creating is connected;
Step 4:User space equipment operation module receives the intercepting and capturing instruction of the input of user, and to file operation interception module
Send and intercept and capture command information;
Step 5:File operation interception module intercepts and captures the behaviour of file according to the intercepting and capturing command information from foreign file system
Make information;
Step 6:The operation information of the file of intercepting and capturing is sent to communication equipment by file operation interception module, and communication equipment will
The operation information of the file for receiving is sent to User space operation note module;
Step 7:User space operation note module is processed the operation information, and the operation information after treatment is pressed
Memory space is write according to different type;
Step 8:File operation interception module disconnects the connection of free device number and communication equipment, installs Unload module and disconnects
File operation interception module and the connection of foreign file system, complete unloading.
As shown in Fig. 2 a kind of operation of the universal document system described in the specific embodiment of the invention 1 obtains the side of record
The operational flowchart that communication equipment is installed in method, comprises the following steps that:
Step 201:Check whether user right can use, because establishment equipment and load driver have certain risk, if
Insufficient privilege, directly exits, and authority normally performs step 202;
Step 202:Specific user's group information is obtained, as the category group of equipment;
Step 203:Load specified file and operate interception module in kernel;
Step 204:Judge whether load document operation interception module succeeds, if unsuccessful, directly exit, otherwise perform
Step 205;
Step 205:Obtain idle major device number, can by filtering proc file system under devices files obtain;
Step 206:The device number equipment that judgement is specified whether there is, and exist, and directly exit, and otherwise perform step 207;
Step 207:Equipment is created according to primary and secondary device number;
Step 208:The new correct user's group of equipment and authority for creating is assigned, the installation of communication equipment is then completed,
Normally exit.
As shown in figure 3, a kind of operation of the universal document system described in the specific embodiment of the invention 1 obtains the side of record
User space controls the operational flowchart of communication equipment in method, comprises the following steps that:
Step 301:The mount point path of target file system and the action type to be recorded are obtained, action type can be
To soft or hard link, file, the establishment of catalogue, deletion, access to content, metadata access, renaming etc.;
Step 302:Communication equipment is opened with read-write mode;
Step 303:Judge that communication equipment is opened whether to succeed, successful execution step 304 otherwise performs step 309;
Step 304:Mount point path and action type set are sent to communication equipment;
Step 305:Judge whether to stop obtaining file system behavior, continue to obtain execution step 306, otherwise perform step
309;
Step 306:Obtain the operation in assigned operation type set;
Step 307:Receive the related operation of assigned operation type set and data, i.e., the data receiver of kernel state to use
Family state;
Step 308:File system behavioural information is sent to logging modle, step 305 is continued executing with;
Step 309:Send and terminate order to communication apparatus and close the equipment.
As shown in figure 4, a kind of operation of the universal document system described in the specific embodiment of the invention 1 obtains the side of record
The operational flowchart of kernel state equipment response control in method, holds automatically when step 401, step 402, step 403 are for loading kernel
OK.Comprise the following steps that:
Step 401:Initialization exclusive reference resource;
Step 402:Distribution primary and secondary device number, Linux provides two kinds of strategies of dynamic distributing equipment number;
Step 403:Initialization character device, and be registered in kernel;
Step 404:Judge whether to process the control information that User space sends, as do not processed, directly exit, otherwise perform
Step 405;
Step 405:Judge whether that performing order obtains file system handle, step 409 is performed if do not performed the order, it is no
Then perform step 406;
Step 406:Open mount point and obtain the related data structures of VFS, including file objects, file_operations
Object and inode_operations objects etc.;
Step 407:The related data structures of VFS are preserved and changed, is embodied in the action type to be obtained correspondence
Function pointer be substituted into corresponding inode_operations objects;
Step 408:Preserve by the reset condition and current state of modification data structure, and close mount point, perform the step
Suddenly step 404 is performed after finishing;
Step 409:Judge whether to perform the data that order obtains assigned operation, step 414 performed if do not performed the order,
Otherwise perform step 410;
Step 410:Corresponding operation is triggered by VFS;
Step 411:Obtain the file system DBMS of the operation;
Step 412:The part needed for above-mentioned data is filtered, and copies to user's space;
Step 413:The respective operations of underlying file systems are called, execution step 404 after the step is finished is performed;
Step 414:Judge whether that performing order recovers file system handle, step 404 is performed if do not performed the order, it is no
Then perform step 415;
Step 415:Open mount point and obtain the related data structures of VFS;
Step 416:The VFS of reading and saving related data structure, and return to reset condition;
Step 417:Mount point is closed, step 404 is performed after being finished.
As shown in figure 5, a kind of operation of the universal document system described in the specific embodiment of the invention 1 obtains the side of record
The operational flowchart of User space log file system action, comprises the following steps that in method:
Step 501:Initialization operation logging modle, such as opens the interface of persistence file or initialization persistent storage;
Step 502:Judge whether to receive the file system behavior that User space control communication module sends, do not receive then direct
Exit, otherwise perform step 503;
Step 503:Receive the file system behavior that User space control communication device module sends;
Step 504:File system behavior is pre-processed, data classification is such as carried out, serialized, information extraction etc.;
Step 505:The data that above-mentioned steps are produced write persistence file, and step 502 is performed after completing the step.
As shown in fig. 6, a kind of operation of the universal document system described in the specific embodiment of the invention 1 obtains the side of record
The operational flowchart of communication equipment unloading, comprises the following steps that in method:
Step 601:Check whether active user's authority can use, directly exited if Insufficient privilege, otherwise perform step
602;
Step 602:Delete specified file operation interception module;
Step 603:Judge whether the unloading of file operation interception module succeeds, as unsuccessful, directly exit, otherwise perform
Step 604;
Step 604:Designated equipment is deleted, is normally exited.
As shown in fig. 7, a kind of operation of universal document system described in the specific embodiment of the invention 1 obtain record be
System, including:Unload module 1, file operation interception module 3, communication equipment 5, User space equipment operation module 2 and User space are installed
Operation note module 4;
The installation Unload module 1 is used to be connected and disconnected from foreign file system foundation for file operation interception module 3
Connection, and disconnect the connection of free device number and communication equipment;;
The file operation interception module 3 is used to obtain the free device number in the absence of correspondence communication equipment, and by the free time
Device number and the communication equipment of corresponding association 5 create connection;And file operation interception module 3 is used for according to the intercepting and capturing
Command information intercepts and captures the operation information of file from foreign file system;And the operation information of the file of intercepting and capturing is sent to communication sets
Standby 5;
The User space equipment operation module 2 is used for the intercepting and capturing instruction of the input for receiving user, and is intercepted and captured to file operation
Module 3 sends intercepts and captures command information;
The operation information of the file that the communication equipment 5 will be received is sent to User space operation note module 4;
The User space operation note module 4 is used to be processed the operation information, and the operation after treatment is believed
Breath writes memory space according to different type.
The installation Unload module 1 includes authority judge module 11, category group module 12 and link block 13;
The authority judge module 11 is used to detect whether user there is operation to install the authority of Unload module;
The category group module 12 is used to obtain user profile, used as the category group of communication equipment;
The link block 13 is used to be connected with the foundation of file operation interception module 3.
The file operation interception module 3 includes open communication EM equipment module 31, forwarding module 32, obtains operation module 33
With sending module 34;
The open communication EM equipment module 31 is used for the mount point path of the file system that receiving communication device 5 is obtained and wants
The action type of record, during the action type recorded into action type set, and opens communication equipment 5 with read-write mode;
The forwarding module 32 is used to send mount point path and action type set to communication equipment 5;
The operation module 33 that obtains is used to obtaining operation in specific operation type set, and sends operation requests to leading to
Letter equipment 5, the operation information of the assigned operation type set correlation of the feedback of receiving communication device 5;
The sending module 34 is used to for the operation information of acquisition to be sent to User space operation note module 4.
The User space operation note module 4 includes initialization module 41, receiving processing module 42 and memory module 43;
The initialization module 41 is used to initialize User space operation note module;
The receiving processing module 42 is used to receive the filesystem information of the transmission of User space equipment operation module 2, to text
Part system information is pre-processed;
The memory module 43 is used to for pretreated information to write memory space according to different type.
Pretreatment described in the receiving processing module 42 includes data classification, serializing and information extraction.
The installation Unload module 1 is completed when the loading of file operation interception module is operated, it is necessary to load particular file operation
Interception module and according to specific primary and secondary device number create device node;, it is necessary to remove loading during uninstall file operation interception module
File operation interception module, delete create device node;
The User space equipment operation module 2 eliminates the limitation being controlled in kernel state, enhances communicating pair
Function;It is first turned on communication equipment to be monitored, request is then initiated according to demand, such as obtain file system handle, obtains
Inquiry establishment deletion etc. is operated, and obtains operation informations of operation such as inquiry, establishment or deletion etc., needed for finally reception response is obtained
Information;
The file operation interception module 3 is used for the operation requests set according to User space equipment operation module, in kernel
The operation that state carries out respective file is intercepted and captured, and obtains the data structure of VFS Virtual File Systems, is obtained via VFS virtual files system
The peration data of system;And the response operation of response control, the equipment that installation is registered first, receive the control data of User space, root
Different logical sums are carried out according to different control datas to operate, as obtained file system handle, obtain inquiry and create the behaviour such as deletion
Make, obtain inquiry and create operation contents of operation such as deletion etc., related data is then delivered to user's state space;
The User space operation note module 4 carries out persistence operation by User space to file system behavior, can be with
The operation that will be intercepted and captured is stored in file, database storage system;Make full use of the memory interface and storage mode of maturation;Note
Record operation, is the information for obtaining the kernel state transmission that User space control module is obtained, according to the type that control module is provided first
Feature, information is saved in follow-up storage, and file is such as write in a streaming manner or database is saved in the way of recording.
The realization of the system, depends on the kernel version of Linux, for the peace of equipment on different linux kernel versions
Loading and unloading are deleted to the loading of file operation interception module 3 and VFS layers of related API has certain difference;Installed for equipment and unloaded
Carry, creating sweep equipment and file operation interception module 3 using the command-line tool of Linux quickly effective can must complete the mould
The function of block.Due to the thought of " all file " of generally existing in Unix/Linux philosophy, can equally make in User space
With the system call operation equipment of operation file.File operation interception module 3 is needed to realize device-dependent driving, is grasped with file
Make the mode host of interception module 3 in kernel state, respond the operational order of User space, the related kernel information of copy instruction.With
Family state is recorded to file system operation, on the one hand depends on the read-write interface of persistent storage, by User space equipment operation
The data that module 2 is obtained carry out persistence, on the one hand depend on the view of external offer, record right such as in different file
Than, the frequency statisticses of different operating, the hot statistics in different paths etc..
Specifically, present invention additionally comprises following operation:
The operation that communication equipment is installed and unloaded;
User space controls the operation of communication equipment;
The response operation of kernel state equipment response control;
The operation of User space log file system action.
The foregoing is only presently preferred embodiments of the present invention, be not intended to limit the invention, it is all it is of the invention spirit and
Within principle, any modification, equivalent substitution and improvements made etc. should be included within the scope of the present invention.
Claims (5)
1. the method that a kind of operation of universal document system obtains record, it is characterised in that specifically include following steps:
Step 1:It is that file operation interception module is connected with foreign file system foundation to install Unload module;
Step 2:Judge file operation interception module whether be with foreign file system first connection, if it is, perform step 3;
Otherwise, step 4 is performed;
Step 3:File operation interception module carries out establishment communication equipment to the free device number in the absence of correspondence communication equipment, and
Communication equipment to creating is created with free device number and is connected;
Step 4:User space equipment operation module receives the intercepting and capturing instruction of the input of user, and is sent to file operation interception module
Intercept and capture command information;
Step 5:File operation interception module is believed according to the operation that the intercepting and capturing command information intercepts and captures file from foreign file system
Breath;
The step 5 specifically includes following steps:
Step 5.1:File operation interception module judges whether to process the intercepting and capturing command information that User space equipment operation module sends,
If treatment, step 5.2 is performed;Otherwise, step 6 is performed;
Step 5.2:File operation interception module judges whether to perform intercepts and captures command information acquisition foreign file system handle, if
It is to perform next step, otherwise, performs step 5.4;
Step 5.3:Open mount point and obtain the related data structure of VFS Virtual File Systems, preserve and change VFS virtual files
The related data structure of system, and current state and the reset condition by modification data structure are preserved, mount point is closed, return is held
Row step 5.1;
Step 5.4:Judge whether to perform and intercept and capture the data that command information obtains assigned operation, if it is, performing next step;It is no
Then, step 5.7 is performed;
Step 5.5:The operation of the operation that file is intercepted and captured from foreign file system is performed by the triggering of VFS Virtual File Systems, is obtained
The file system and data of the operation;
Step 5.6:The partial data needed for the data for obtaining is filtered, and the partial data that will be obtained copies to user's space
In, call the partial data performed needed for the data that filtering is obtained of underlying file systems, and the partial data that will be obtained to answer
Corresponding operation in user's space is made, is returned and is performed step 5.1;
Step 5.7:Judge whether that performing operation requests recovers foreign file system handle, if it is, next step is performed, otherwise,
Perform step 5.1;
Step 5.8:Open mount point and obtain the related data structure of VFS Virtual File Systems, reading and saving is in VFS virtual files
The related data structure of system, and return to reset condition;Mount point is closed, is returned and is performed step 5.1;
Step 6:The operation information of the file of intercepting and capturing is sent to communication equipment by file operation interception module, and communication equipment will be received
To the operation information of file be sent to User space operation note module;
Step 7:User space operation note module is processed the operation information, and by the operation information after treatment according to not
Same type writes memory space;
Step 8:File operation interception module disconnects the connection of free device number and communication equipment, installs Unload module and disconnects file
Operation interception module and the connection of foreign file system, complete unloading.
2. the method that a kind of operation of universal document system according to claim 1 obtains record, it is characterised in that file
The operation information of the foreign file system that operation interception module is obtained includes the mount point path of foreign file system and needs note
The action type information of record.
3. the method that a kind of operation of universal document system according to claim 1 and 2 obtains record, it is characterised in that
Step 6 specifically includes following step:
Step 6.1:File operation interception module opens communication equipment with read-write mode;
Step 6.2:File operation interception module sends mount point path and action type information is sent to communication equipment;
Step 6.3:The operation information of the file that communication equipment will be received is sent to User space operation note module.
4. the method that a kind of operation of universal document system according to claim 3 obtains record, it is characterised in that described
Step 7 specifically includes following steps:
Step 7.1:User space operation note module is initialized;
Step 7.2:User space operation note module judges whether to receive the operation information that file operation interception module sends, if
It is to perform next step;Otherwise, step 8 is performed;
Step 7.3:The operation information that file operation interception module sends is received, filesystem information is pre-processed;
Step 7.4:Pretreated information is write into memory space according to different type.
5. the method that a kind of operation of universal document system according to claim 4 obtains record, it is characterised in that described
Pretreatment described in step 7.3 includes data classification, serializing and information extraction.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410066581.9A CN103809981B (en) | 2014-02-26 | 2014-02-26 | The method that a kind of operation of universal document system obtains record |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410066581.9A CN103809981B (en) | 2014-02-26 | 2014-02-26 | The method that a kind of operation of universal document system obtains record |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103809981A CN103809981A (en) | 2014-05-21 |
| CN103809981B true CN103809981B (en) | 2017-06-23 |
Family
ID=50706807
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410066581.9A Expired - Fee Related CN103809981B (en) | 2014-02-26 | 2014-02-26 | The method that a kind of operation of universal document system obtains record |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103809981B (en) |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101436151A (en) * | 2008-12-01 | 2009-05-20 | 成都索贝数码科技股份有限公司 | Data real time backup method and system based on file system |
| CN101719210A (en) * | 2009-12-25 | 2010-06-02 | 武汉大学 | File use control method based on linux platform digital copyright management |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8868601B2 (en) * | 2009-08-17 | 2014-10-21 | International Business Machines Corporation | Distributed file system logging |
| US20130304778A1 (en) * | 2011-01-21 | 2013-11-14 | Thomson Licensing | Method for backward-compatible aggregate file system operation performance improvement, and respective apparatus |
-
2014
- 2014-02-26 CN CN201410066581.9A patent/CN103809981B/en not_active Expired - Fee Related
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101436151A (en) * | 2008-12-01 | 2009-05-20 | 成都索贝数码科技股份有限公司 | Data real time backup method and system based on file system |
| CN101719210A (en) * | 2009-12-25 | 2010-06-02 | 武汉大学 | File use control method based on linux platform digital copyright management |
Non-Patent Citations (1)
| Title |
|---|
| 基于linux内核驱动的文件系统监控;孙康;《中国优秀硕士学位论文全文数据库信息科技辑》;20110415(第4期);摘要,第21-43、52-56页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103809981A (en) | 2014-05-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104239166B (en) | A kind of method that file backup is realized to virtual machine in operation | |
| US7971049B2 (en) | Systems and methods for managing user configuration settings | |
| US7181583B2 (en) | Method and program for creating a snapshot, and storage system | |
| US20050246386A1 (en) | Hierarchical storage management | |
| US8185496B2 (en) | Separating file data streams to enhance progressive incremental processing | |
| CN109831419A (en) | The determination method and device of shell program authority | |
| US20080215836A1 (en) | Method of managing time-based differential snapshot | |
| CN104363211A (en) | Method and system for managing authority | |
| CN103077243B (en) | The disposal route of file system access and system | |
| US20100125587A1 (en) | Electronic file management system | |
| CN104714864A (en) | Intelligent computer data backup method | |
| US20040098394A1 (en) | Localized intelligent data management for a storage system | |
| CN101470645A (en) | High-speed cache data recovery method and apparatus | |
| EP3267323A1 (en) | Thin client system, connection management device, virtual machine operating device, method, and storage medium | |
| CN102541986A (en) | File operation monitoring and auditing method | |
| CN107329914A (en) | It is a kind of that the out of order method and device of hard disk is detected based on linux system | |
| US20150020167A1 (en) | System and method for managing files | |
| US11086726B2 (en) | User-based recovery point objectives for disaster recovery | |
| CN100594480C (en) | Copying method, copying method and block identification data acquisition method | |
| CN108475201A (en) | A kind of data capture method in virtual machine start-up course and cloud computing system | |
| CN103207817A (en) | Automatic reduction method for virtual machine | |
| CN108182128A (en) | Based on XEN without Agent virtual back-up restoring method | |
| CN104156669A (en) | Computer information evidence obtaining system | |
| CN103809981B (en) | The method that a kind of operation of universal document system obtains record | |
| US20210181945A1 (en) | User-based recovery point objectives for disaster recovery |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20170623 |