CN104144071A - System log processing method and platform - Google Patents
System log processing method and platform Download PDFInfo
- Publication number
- CN104144071A CN104144071A CN201310172737.7A CN201310172737A CN104144071A CN 104144071 A CN104144071 A CN 104144071A CN 201310172737 A CN201310172737 A CN 201310172737A CN 104144071 A CN104144071 A CN 104144071A
- Authority
- CN
- China
- Prior art keywords
- system journal
- template
- journal
- equipment
- keyword
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Landscapes
- Debugging And Monitoring (AREA)
Abstract
The invention discloses a system log processing method and platform. The system log processing method includes the steps of having access to equipment generating system logs, collecting the system logs from the equipment, carrying out matching between the formats of the collected system logs and an appointed equipment template, determining corresponding equipment types of the system logs, filtering the system logs through an appointed key word template according to the equipment types of the system logs, sending a filtering result to a server side, and carrying out alarm processing on the system logs by the server side.
Description
Technical field
The present invention relates to Internet communication technology field, particularly a kind of processing method of system journal and the processing platform of system journal.
Background technology
In modern operation and maintenance system, the application system of scale and the network equipment need the supervisory systems of automation to manage, and to the supervision of system journal (syslog) information, are exactly an important ring wherein.Yet in practice,, different due to different application systems, journal format that the network equipment is corresponding, this analyzes to standardized syslog and has brought huge difficulty.
The processing scheme of existing system daily record is mainly by system journal centralized stores to given server of various device, house dog (watchdog) service by system is filtered and crawl log, and reports to the police to meeting the record of house dog service initialization condition.
Yet house dog service only can realize some fairly simple operations, the filter condition of use is more single, cannot distinguish all-sidedly and accurately dangerous daily record, poor filtration effect; And house dog service is processed various types of daily records are mixed in together, the format and content of each log store differs greatly, and causes in subsequent operation greatlyr to the utilization of system journal and development difficulty, and resource utilization is lower.At present urgently a kind of for daily record excavation, analysis and monitoring alarm etc. in the comprehensive service platform of one.
Summary of the invention
In view of the above problems, the embodiment of the present invention provides a kind of processing method of system journal and the processing platform of system journal.
For achieving the above object, the embodiment of the present invention has adopted following technical scheme:
One embodiment of the invention provides a kind of processing method of system journal, and the method comprises:
The equipment of access generation system daily record, from the daily record of equipment acquisition system;
The form of the system journal collecting is mated with the equipment template of appointment, confirm the device type that each system journal is corresponding;
According to the device type of each system journal, utilize the keyword template of appointment to filter system journal;
Filter result is sent to server side, by server side to the system journal processing of reporting to the police;
Wherein, the described equipment template of every kind of device type is generated by the conditional expression that can mate all system journal forms under this device type;
The described keyword template of every kind of device type allows the keyword comprising or forbids that the keyword comprising generates in system journal under this device type.
Another embodiment of the present invention provides a kind of processing method of system journal, comprise: the filter result of the system journal that reception client-side reports is also stored to database according to predetermined consolidation form by filter result, this filter result comprises system journal and flag bit corresponding to this system journal, this flag bit comprises the first flag bit, the second flag bit and the 3rd flag bit, and the method also comprises:
When knowing that according to filter result system journal has the first flag bit, adopt short message mode and lettergram mode to send warning message;
When knowing that according to filter result system journal has the second flag bit, do not carry out alarm operation;
When knowing that according to filter result system journal has the 3rd flag bit, adopt lettergram mode to send warning message.
Another embodiment of the present invention provides a kind of processing platform of system journal, and this platform comprises system journal acquisition system and system log management system,
System journal acquisition system comprises message queue module, stencil-chosen device, keyword filtration device and guards task and scheduler DTS;
Message queue module, for accessing the equipment of generation system daily record, from the daily record of equipment acquisition system;
Stencil-chosen device, for the form of the system journal collecting is mated with the equipment template of appointment, confirms the device type that each system journal is corresponding;
Keyword filtration device, for according to the device type of each system journal, utilizes the keyword template of appointment to filter system journal, and filter result is sent to system log management system;
DTS, for being scheduled to message queue module, stencil-chosen device and keyword filtration device and scheduling;
System log management system comprises database, Data Generator, alarm module and data access and the DACC of control centre;
Database, for the data of storage platform;
Data Generator, for receiving the filter result from system journal acquisition system, and is stored to database according to predetermined consolidation form by filter result;
Alarm module, reports to the police for the data according to Data Generator;
DACC, for managing database, Data Generator and alarm module;
Wherein, the described equipment template of every kind of device type is generated by the conditional expression that can mate all system journal forms under this device type;
The described keyword template of every kind of device type allows the keyword comprising or forbids that the keyword comprising generates in system journal under this device type.
The embodiment of the present invention is by the technological means that system journal and the equipment template of setting up are matched, can distinguish the system journal of distinct device, the system journal of distinct device is carried out to different disposal, and the means of in conjunction with the keyword template of appointment, system journal being filtered by device type, improved the flexibility of filter type, can be comprehensively, exactly daily record is filtered.
By upper, the system journal processing scheme that the embodiment of the present invention provides, not only can carry out differentiating and processing and storage to dissimilar system journal, greatly facilitates the follow-up utilization to system journal, meet the demand to system journal secondary development, improve resource utilization; And can improve precision and the flexibility that daily record is filtered, the precise positioning of problem of implementation, accurately warning and problem early warning, the O&M quality of raising system.
Accompanying drawing explanation
Fig. 1 is the processing platform structure schematic diagram of a kind of system journal according to an embodiment of the invention;
Fig. 2 is the workflow schematic diagram of system journal acquisition system according to an embodiment of the invention;
Fig. 3 is the structural representation of the processing platform of another kind of system journal according to an embodiment of the invention;
Fig. 4 is the process flow schematic diagram of the system journal of another embodiment according to the present invention;
Fig. 5 is the process flow schematic diagram of the system journal of another embodiment according to the present invention.
Embodiment
For making the object, technical solutions and advantages of the present invention clearer, below in conjunction with accompanying drawing, embodiment of the present invention is described further in detail.
The embodiment of the present invention has realized a kind of collective analysis, precise positioning, Realtime Alerts, facing multiple users, has been convenient to the processing platform of the system journal of inquiry and in-depth analysis, both can meet the log analysis demand of different application, distinct device, be again a set of complete monitoring and alarm comprehensive service platform.
The processing platform of a kind of system journal that one embodiment of the invention provides, referring to Fig. 1, this platform comprises system journal acquisition system and system log management system.The present embodiment does not strictly limit the title of platform and each device thereof, as the processing platform of system journal can be referred to as system log message collection and management system (Syslog Information Collection And Management System, SICMS), SICMS comprises system journal acquisition system 100 and system log management system 200.
System journal acquisition system 100 comprises the task of guarding and scheduler (Daemon Task and Scheduler, DTS), system log message collection (Syslog Information Collection, SIC) function and system log message management (Syslog Information Analyse, SIA) function.SIC comprises message queue (Message Queue) module 112 and heartbeat detection (Heartbeat Monitor) module 113; SIA comprises stencil-chosen device (Template Selector) 114 and keyword filtration device (Keywords Filter) 115.
System log management system 200 comprises database (Data Center) 214, Data Generator 212, alarm module 213, data access and control centre (Data Access & Control Centre, DACC) 211.Wherein alarm module 213 can be arranged in Surveillance center (Monitor Center), and in system log management system 200, can also be provided with control centre (Logzilla Expand).
Wherein, SIC function is mainly used in syslog to check and index, and generating messages queue flows to SIA.
Message queue module 112 is under the jurisdiction of SIC, for generating real-time message queue.
Heartbeat detection module 113 is under the jurisdiction of SIC, and for detection of reporting to the police, those can not normally deliver the collected equipment of daily record.
SIA function is mainly for the treatment of message queue and generate desired data.
Stencil-chosen device 114 is under the jurisdiction of SIA, uses corresponding equipment template to mate the system journal from collected equipment.
Keyword filtration device 115 is under the jurisdiction of SIA, by multistage filtering condition (as multistage keyword template) filtering data.
DTS111 is responsible for operation and the scheduling of SIC and SIA function in system journal acquisition system 100.
DACC211 mainly manages the device in system log management system 200, and its function comprises setting, database and management thereof, statistics and retrieval, monitoring alarm of grade keyword etc.
Database 214 is under the jurisdiction of DACC, for the syslog after record format, configuration information and admin log etc.
Control centre is under the jurisdiction of DACC, is network (web) control desk of DACC.
Surveillance center is under the jurisdiction of DACC, represents module two parts be comprised of classifying alarm module 213 and platform.
Below in conjunction with accompanying drawing, respectively above-mentioned each function and unit are specifically described.
Referring to Fig. 2, shown the workflow schematic diagram of the system journal acquisition system of one embodiment of the invention.
When the processing operation that starts to carry out to system journal, the equipment of message queue module 112 access generation system daily records, from the daily record of equipment acquisition system.These equipment are mainly some processes that may produce system journal, as in firewall box, router device, switch device and load-balancing device one or more etc.
Particularly, the equipment that message queue module 112 utilizes daily record instrument logtail access to need execution journal to gather, while there is system journal in this equipment, gather the syslog message stream of this system journal generating messages queue form, then message flow is sent into stencil-chosen device 114.Be the data mode that the present embodiment adopts message queue, so that system journal is processed.Logtail instrument is the client script being deployed on client-side (as syslog-ng daily record instrument), it arranges test point (checkpoint) for each journal file, so that up-to-date syslog record to be provided to SIC, it is the instrument that obtains data flow that message queue module 112 is used.This programme is arranged on client-side by system journal acquisition system, carries out the operation such as collection, filtration of system journal, and system log management system is arranged on to server side, carries out the operation such as warning, secondary development of system journal.
When message queue module 112 does not collect system journal from equipment, DTS111 scheduling heartbeat detection module 113 sends heartbeat message to equipment, be that heartbeat detection module 113 can send heartbeat message to equipment according to the scheduling of DTS111, thereby trigger this equipment and send any system journal, to determine the existing state of this equipment, whether this equipment is in normal operating conditions.When heartbeat detection module 113 receives this equipment according to the daily record of heartbeat message retrieval system, this system journal is sent to stencil-chosen device 114, by stencil-chosen device 114, processed.
When heartbeat detection module 113 receives this equipment, according to heartbeat message, return and indicate replying of breaking down, the information of this equipment is sent to DTS111 record, by DTS111, the information of this equipment is sent to system log management system and reports to the police.When heartbeat detection module 113 receives this equipment and returns to indication and reply normally according to heartbeat message, i.e. the normal work of this equipment but the not generation system daily record of this equipment finishes the operation to this equipment.
DTS111 moves and scheduling message queue module, stencil-chosen device and keyword filtration device.
Stencil-chosen device 114 mates the system journal collecting with the equipment template of appointment, confirm the device type that each system journal is corresponding.System journal forms syslog message stream after the processing of message queue module 112, and stencil-chosen device 114 mates equipment template with message flow.Device type can indicate the title of the equipment of generation system daily record, the model of equipment etc.When carrying out matching operation, stencil-chosen device 114 can travel through each equipment template, each equipment template is mated the system journal in message flow (as the form of system journal) one by one, when there is the equipment template that the match is successful, stop matching operation, the device type using the device type corresponding with the system journal equipment template that the match is successful as this system journal.
The equipment template that stencil-chosen device 114 can use from system log management system acquisition, for example, DTS in system journal acquisition system sends request the request of obtaining equipment template to the DACC in system log management system, DTS receives the equipment template that DACC issues according to this request, and DTS is sent to stencil-chosen device 114 by this equipment template.
In the present embodiment, to each device type, the conditional expression that can mate all system journal forms under this device type is chosen for the equipment template of this device type,, when carrying out the matching operation of equipment template and system journal, the form of the system journal collecting is mated with the equipment template of following appointment.The present embodiment is by the statistics and analysis to the system journal of each equipment, and the example of the equipment template of the appointment providing is as follows:
The equipment template of fire compartment wall (FireWall) is:
(.*?)\s?(\w+(-\w+){1,4})?\s?\%?\%?(\w+[-∨]([0-7])[-∨]\w+(\(\w+\))?):?\s?(.*)
The equipment template of router and switch (Switch and Router) is:
(.*?)\s?(\w+(-\w+){1,4})?\s?\%?\%?(\w+[-∨]([0-7])[-∨]\w+(\(\w+\))?):?\s?(.*)
The equipment template of F5 load-balancing device is:
(.*?)\s?\w+(-\w+){1,4}\s+(.*?):\s+(.*)
The equipment template of A10 load-balancing device is:
(.*?)\s?(a10logd:\s+\[\w+\])<([0-7])>\s+(.*)
The equipment template of Alteon load-balancing device is:
(\w+)\s+(AlteonOS\s+<\w+>):\s+(.*)
The equipment template of Juniper fire compartment wall or router device is:
(.*?)\s?[Jnpr|Juniper:]\s+(.*)
By upper, the system journal form of the present embodiment distinct device, the conditional expression being consistent with it of formulation, as equipment template.Equipment template is dispatched by DTS, for carrying out matching ratio pair at system journal acquisition system and message flow, determines which kind of equipment daily record source belongs to, and resolves each field implication, for the standardized format of follow-up data maker is exported used.
Keyword filtration device 115, according to the device type of each system journal, utilizes the keyword template of appointment to filter system journal, and filter result is sent to system log management system.The effect that system journal is classified has mainly been played in the filter operation of 115 pairs of system journals of keyword filtration device, system journal after filtering in the present embodiment is divided into three major types, one class is dangerous system journal (can be it the first flag bit is set), a class is safe system journal (can be it the second flag bit is set) again, another class is unknown system journal (can be it the 3rd flag bit is set), according to classification, the relevant information of system journal is reported to server side (as system log management system), thereby make system log management system carry out different operations to different classes of system journal.
In embodiment shown in Fig. 2, keyword filtration device 115 comprises one-level keyword filtration device and secondary key filter.The keyword template that keyword filtration device 115 uses comprises one-level keyword template and secondary key template, the secondary key template difference corresponding to system journal of distinct device type, and the system journal of all devices type can be used identical one-level keyword template.
The keyword template that keyword filtration device 115 can use from system log management system acquisition, for example, DTS in system journal acquisition system sends request the request of obtaining keyword template to the DACC in system log management system, DTS receives the keyword template that DACC issues according to this request, and DTS is sent to keyword filtration device 115 by this keyword template.
One-level keyword filtration device in keyword filtration device 115 utilizes one-level keyword template to mate the system journal of all devices type, for the successful system journal of one-level keyword template matches arranges the first flag bit, the first flag bit of the system journal that the match is successful, this system journal and device type are reported to system log management system.The flag bit arranging in the present embodiment is a kind of alert levels mark, and as the first flag bit can be set to 1, expression alert levels is one-level.System journal to the first flag bit, regards as dangerous daily record, needs to report to the police.
System journal to the failure of one-level keyword template matches, secondary key filter utilizes secondary key template corresponding to the device type of this system journal to mate this system journal, for the successful system journal of secondary key template matches arranges the second flag bit, the device type of the system journal that the match is successful, this system journal is reported to system log management system.As the second flag bit can be set to 2, expression alert levels is secondary.System journal to the second flag bit, regards as eliminating object, i.e. the type system journal is security log, does not need to report to the police.
Keyword filtration device 115, for one-level keyword template and the system journal that all it fails to match of secondary key template arrange the 3rd flag bit, reports to system log management system by the 3rd flag bit and the device type of this system journal, this system journal.As the 3rd flag bit can be set to-1, represent undefined.By the system journal of the 3rd flag bit, can find daily record that do not excavated, that there is potential value outside filter condition, strengthen discovery and the learning ability of system.
By upper, consider that the system journal with the second flag bit does not need to report to the police, in the present embodiment, only adopt the first flag bit, the 3rd flag bit that arrange are reported to server side, and the second flag bit arranging is not reported to the processing mode of server side, at server side, the system journal having outside the first flag bit or the 3rd flag bit is considered as having the second system journal being masked as.
Under another mode, client can all report to server side by the first flag bit, the second flag bit and the 3rd flag bit that arrange, is convenient to server side different system journals is distinguished and operated.
The one-level keyword template that the present embodiment is used, sees table 1:
Table 1
| A10 | L2MC | to?down | [Pp]ower |
| ACTIVE | LAGG | to?up | [Rr]eal |
| ALARM | LINEPROTO | TRUNK | [Rr]eboot |
| ALERT | LINK | UP | [Ss]tandby |
| ALM | Main?Board | VLAN | [Vv]rrp |
| ALMA | MEM | VOSCPU | \b?down.\b |
| alteon | Memory | VOSMEM | \b?up.\b |
| ARP | Module | VRRP | \b?STP\b |
| BGP | NOTICE | [Aa]ctive | \s[Dd]own\s |
| CPU | OSPF | [Bb]ackup | \s[Uu]p\s |
| DEV | PHY | [Bb]gp | ? |
| DIAGCLI | result | [Cc]annot | ? |
| DOWN | RM | [Dd]isk | ? |
| DRV | Slot | [Dd]own | ? |
| error | SP-3 | [Ff]ail | ? |
| ETRUNK | SP-5 | [Ff]ailover | ? |
| failure | SPSTBY-5 | [Ll]ink | ? |
| FAN | STNDBY | [Mm]aster | ? |
| HA\s | SYSM | [Oo]spf | ? |
| L2INF | TNET | [Pp]anic | ? |
Each sash in above-mentioned table 1 represents an one-level keyword, when a system journal and above-mentioned at least one one-level keyword match, shows this system journal and the success of one-level keyword template matches.Above-mentioned symbol " b, s, [] " be regular expression grammer, symbol " b " represents coupling nearby, symbol " s " represents that space, symbol " [] " represent that character is wherein optional.
The secondary key template that the present embodiment is used distinct device is different, and the example shown of secondary key template is as follows:
The secondary key template that A10 load-balancing device is corresponding is as follows:
(″NTP″,″[Uu]ser″,″Session″,″Service?tcp″,″SLB?server″);
The secondary key template that F5 load-balancing device is corresponding is as follows:
(″ssl_″,″NTP″,″[Uu]ser″,″Session″,″HTTP″,″mysql″,″syslog-ng″,″crond″,″httpd″,″sshd″,″anacron″,″mcpd″,″Limiting″);
The secondary key template that Alteon load-balancing device is corresponding is as follows:
(″mgmt″);
The secondary key template that firewall box is corresponding is as follows:
(″[Dd]enied″,″Deny″,″Invalid″,″[Pp]ower″,″[Cc]onfigur″);
The secondary key template that router is corresponding with switch device is as follows:
(″[Cc]onfigur″,″SHELL″,″CMD″,″SSH″,″SNMP″,″TELNET″,″VTY″,″Trap″,″OID″,″admin″);
The secondary key template that Nokia firewall box is corresponding is as follows:
(″BACKUP_RESTORE_CONFIG″,″snmpd″,″repeated″,″telnetd″,″syslogd″,″CONFIG″,″ntpdate″,″cron:″,″ipsctl?get?error″,″login″,″passwd″);
The secondary key template that juniper firewall box is corresponding is as follows:
(″SNMP″,″INFO″,′System\(\)\[\]′,″Syslog?3835″,″Unable?to?resolve″,″Unable?to?open″)。
Further, during the equipment template that not do not match with the system journal collecting in stencil-chosen device 114 in the present embodiment, the device type of this system journal is set to undefined (undefined) device type; Keyword filtration device 115 only utilizes one-level keyword template to mate this system journal, the first flag bit and the device type of the system journal that the match is successful, this system journal are reported to server side, the system journal that it fails to match is recorded in temporary file and is put on record.
By upper, the present embodiment adopts the keyword structure of two-stage, one-level keyword template is used as alarm feature, secondary key template is used as getting rid of feature, the one-level keyword template that is every kind of device type forbids that in system journal under this device type the keyword comprising generates, and the secondary key template of every kind of device type allows the keyword comprising to generate in system journal under this device type.
One-level keyword template action is in all types of equipment, and secondary key template action is in dissimilar equipment.According to keyword template, filter out one-level, secondary and other system journal of undefined level.The system journal that is 1 for flag bit (regarding as danger), its device type is directly passed to system log management system together with flag bit, as being first sent to the Data Generator in system log management system, after the form of this system journal being processed by Data Generator again, be sent to alarm module and be stored in database module; The system journal that is 2 to flag bit (regard as and get rid of object), submits to database module by information such as its device type, keyword count results; The system journal (regarding as undefined) that is-1 for flag bit, is also directly passed to system log management system by its device type together with flag bit.
The system journal acquisition system that the present embodiment provides can be according to unit type, filter out unessential junk information, can automatically find again the valuable log information of not excavated simultaneously, the precise positioning of problem of implementation, accurately warning and problem early warning, for O&M personnel's quick response provides powerful guarantee, improve O&M quality.
Referring to Fig. 3, shown the structural representation of processing platform of the another kind of system journal of one embodiment of the invention.This platform comprises the system journal acquisition system 100 that is positioned at client-side (as syslog-ng daily record instrument), and the system log management system 200 that is positioned at (as the syslog-ng daily record tool server) of server side.
System journal acquisition system 100 comprises DTS, keyword filtration device (comprising one-level keyword filtration device and secondary key filter), message queue module, stencil-chosen device and heartbeat detection module, and the specific works mode of these devices can be referring to the related content in the embodiment shown in Fig. 1 and Fig. 2.The present embodiment mainly describes the structure of system log management system 200 and operational mode.
System log management system 200 comprises database 214, Data Generator 212, alarm module 213 and DACC211.DACC211 manages database, Data Generator and alarm module.
Data in database 214 storage platforms.Database 214 can adopt mysql database, the business datum of its storage platform, configuration information and system journal etc., and called by Data Generator 212 and DACC211.
The filter result that Data Generator 212 receives from system journal acquisition system 100, and according to predetermined consolidation form, filter result is stored to database.Data Generator 212 is organized into unified reference format by each system journal and relevant information thereof, the data that receive being formatd, is according to the form of the order of Hostname-IP address-device type-flag bit-system journal as the related data of every system journal is arranged.Data Generator 212 is stored to the system journal after consolidation form in database 214.
When carrying out secondary development or data statistics etc., need to be from database 214 during extraction system daily record, DACC receives from outside log processing instruction, according to this instruction, according to predetermined consolidation form, from database 214, extract the system journal of designated equipment type, and process according to log processing instruction, as data statistics or screen undefined valuable new key etc.
In the present embodiment by the device type reporting according to system journal acquisition system, system journal is converted to the technological means of consolidation form, can carry out differentiating and processing and storage to dissimilar system journal, greatly facilitate the follow-up utilization to system journal, meet the demand to system journal secondary development, improve resource utilization; And can improve precision and the flexibility that daily record is filtered, the precise positioning of problem of implementation, accurately warning and problem early warning, the O&M quality of raising system.
Alarm module 213 is reported to the police according to the data in Data Generator 212.Alarm module 213 is thrown for Data Generator 212 data of coming and is reported to the police.Actuation of an alarm comprises SMS alarm, two kinds of modes of mail warning.The system journal that is 1 for flag bit, alarm module 213 triggers this two kinds of modes simultaneously, as alarm module 213 sends mail or sends SMS alarm to service groups.The system journal that flag bit is-1 only triggers mail type of alarm, as alarm module 213 only sends mail to service groups, reports to the police.Be alarm module 213 when knowing that according to the filter result in described Data Generator 212 system journal has the first flag bit, adopt short message mode and lettergram mode to send warning message; When knowing that according to described filter result system journal has the 3rd flag bit, adopt lettergram mode to send warning message; When knowing that according to described filter result system journal does not have the first flag bit or the 3rd flag bit, do not carry out alarm operation.
Except the service groups to long-range is reported to the police, the present embodiment also can be realized the platform of this platform and report to the police on DACC.Platform is reported to the police and to be represented with color and two kinds of modes of sound, and color aspect is divided into two kinds of yellow early warning and red alarm, and sound aspect is to carry out audio frequency playback action for red alarm.
In system log management system, can also comprise an independently control centre (Logzilla Expand), or this control centre can be arranged in DACC and realize.Logzilla is a log collection instrument of increasing income, and can well show and retrieve log.This programme, on logzilla basis, by php language development, has added template definition module, keyword definition module, alarm module, statistical analysis module, Smart Logo keyword module.Logzilla is transformed into for collection log information management, monitoring alarm, statistical analysis and intelligentized comprehensive management and control platform, i.e. a control centre (Logzilla Expand).
Control centre provides that visualized data represents, data correlation retrieval, equipment template definition, keyword template definition, data statistic analysis, data derivation, authority and configuration modification, platform warning function, Smart Logo keyword function etc.
Control centre is by define equipment template, keyword template, realize the hardware and software platform management of template, and, when the equipment of the needs monitoring that occurs newly adding, Zhi Xu control centre is its configuration device template, keyword template and is issued to after keyword filtration device, the processing platform of the system journal that just new equipment can be included in, has realized the log analysis demand of different application, distinct device.
And control centre is by realizing the function of chart to the statistical computation of historical data; By a minute word algorithm, can count valuable new key in undefined daily record, and in the monitoring page, automatically provide new key and add information, thereby form a comprehensive service platform that integrates data, monitoring, warning, statistical function, intellectual analysis.
Another embodiment of the present invention also provides a kind of processing method of system journal, and referring to Fig. 4, the method comprises:
S400: the equipment of access generation system daily record, from the daily record of described equipment acquisition system;
S402: the form of the system journal collecting is mated with the equipment template of appointment, confirm the device type that each system journal is corresponding;
S404: according to the device type of each system journal, utilize the keyword template of appointment to filter system journal;
S406: described filter result is sent to server side, by server side to the described system journal processing of reporting to the police.
Wherein, the equipment template of every kind of device type is generated by the conditional expression that can mate all system journal forms under this device type;
The keyword template of every kind of device type allows the keyword comprising or forbids that the keyword comprising generates in system journal under this device type
Wherein, above-mentioned steps S400 comprises: utilize daily record instrument logtail access means, while there is system journal in this equipment, gather the syslog message stream of this system journal generating messages queue form; While there is not system journal in this equipment, by the DTS setting up, to this equipment, send heartbeat message, if this equipment is according to the daily record of heartbeat message retrieval system, gather the syslog message stream of this system journal generating messages queue form, if this equipment returns and indicates replying of breaking down according to heartbeat message, by the information recording of relevant device in DTS, by DTS, be sent to server side and report to the police.
Before step S402, said method also comprises: to server side, send request the request of obtaining described equipment template and/or keyword template; The equipment template that reception server lateral root issues according to described request and/or keyword template.
The keyword template of above-mentioned appointment comprises one-level keyword template and secondary key template, the secondary key template arranging for the system journal of distinct device type is different, above-mentioned steps S404 comprises: utilize one-level keyword template to mate the system journal of all devices type, for the successful system journal of one-level keyword template matches arranges the first flag bit, the first flag bit and the device type of the system journal that the match is successful, this system journal are reported to server side; System journal to the failure of one-level keyword template matches, utilize the secondary key template corresponding to device type of this system journal to mate this system journal, for the successful system journal of secondary key template matches arranges the second flag bit, the device type of the system journal that the match is successful, this system journal is reported to server side; And, for one-level keyword template and the system journal that all it fails to match of secondary key template arrange the 3rd flag bit, the 3rd flag bit and the device type of this system journal, this system journal are reported to server side.
By upper, the present embodiment adopts the keyword structure of two-stage, and one-level keyword template is used as alarm feature, and secondary key template is used as getting rid of feature.One-level keyword template action is in all types of equipment, and secondary key template action is in dissimilar equipment.According to keyword template, filter out one-level, secondary and other system journal of undefined level.The system journal that is 1 for flag bit (regarding as danger), its device type is directly passed to system log management system together with flag bit, as being first sent to the Data Generator in system log management system, after the form of this system journal being processed by Data Generator again, be sent to alarm module and be stored in database module; The system journal that is 2 to flag bit (regard as and get rid of object), submits to database module by information such as its device type, keyword count results; The system journal (regarding as undefined) that is-1 for flag bit, is also directly passed to system log management system by its device type together with flag bit.
Further, said method also comprises: when the system journal collecting does not have the equipment template of coupling, the device type of this system journal is set to undefined device type;
In step S404, utilize the keyword template of appointment that system journal is filtered and comprised: only to utilize one-level keyword template to mate this system journal, the first flag bit and the device type of the system journal that the match is successful, this system journal are reported to server side, the system journal that it fails to match is recorded in temporary file.
In this method embodiment, the concrete manner of execution of each step can, referring to the related content of system journal acquisition system in product embodiments of the present invention, not repeat them here.
Another embodiment of the present invention also provides a kind of processing method of system journal, and referring to Fig. 5, the method comprises:
S500: the filter result of the system journal that reception client-side reports is also stored to database according to predetermined consolidation form by filter result, this filter result comprises system journal and flag bit corresponding to this system journal, and this flag bit comprises the first flag bit and the 3rd flag bit.
S502: when knowing that according to described filter result system journal has the first flag bit, adopt short message mode and lettergram mode to send warning message;
S504: when knowing that according to described filter result system journal has the 3rd flag bit, adopt lettergram mode to send warning message;
S506: when knowing that according to described filter result system journal does not have the first flag bit or the 3rd flag bit, do not carry out alarm operation.
In the scheme of above-mentioned steps S500 to S506, client only reports to server side by the first flag bit and the second flag bit that arrange, at server side, the system journal having outside the first flag bit or the 3rd flag bit is considered as having the second system journal being masked as.
Under another mode, when client all reports to server side by the first flag bit, the second flag bit and the 3rd flag bit that arrange, server side can identify the system journal of each classification convenient, rapidly, is convenient to server side and system journal of all categories is comprised to other operation of reporting to the police and processing.
Further, in above-mentioned filter result, also comprise the device type of system journal, the method also comprises: according to the log processing instruction receiving, according to described predetermined consolidation form, from described database, extract the system journal of designated equipment type, and process according to described log processing instruction, as data statistics or screen undefined valuable new key etc.
In this method embodiment, the concrete manner of execution of each step can, referring to the related content of system log management system in product embodiments of the present invention, not repeat them here.
From the above mentioned, the embodiment of the present invention is by the technological means that system journal and the equipment template of setting up are matched, can distinguish the system journal of distinct device, the system journal of distinct device is carried out to different disposal, and the means of in conjunction with the keyword template of appointment, system journal being filtered by device type, improved the flexibility of filter type, can be comprehensively, exactly daily record is filtered.
By upper, the system journal processing scheme that the embodiment of the present invention provides, not only can carry out differentiating and processing and storage to dissimilar system journal, greatly facilitates the follow-up utilization to system journal, meet the demand to system journal secondary development, improve resource utilization; And can improve precision and the flexibility that daily record is filtered, the precise positioning of problem of implementation, accurately warning and problem early warning, the O&M quality of raising system.
For the ease of the clear technical scheme of describing the embodiment of the present invention, in inventive embodiment, adopted the printed words such as " first ", " second " to distinguish the essentially identical identical entry of function and efficacy or similar item, it will be appreciated by those skilled in the art that the printed words such as " first ", " second " do not limit quantity and execution order.
The foregoing is only preferred embodiment of the present invention, be not intended to limit protection scope of the present invention.All any modifications of doing within the spirit and principles in the present invention, be equal to replacement, improvement etc., be all included in protection scope of the present invention.
Claims (10)
1. a processing method for system journal, is characterized in that, described method comprises:
The equipment of access generation system daily record, from the daily record of described equipment acquisition system;
The form of the system journal collecting is mated with the equipment template of appointment, confirm the device type that each system journal is corresponding;
According to the device type of each system journal, utilize the keyword template of appointment to filter system journal;
Described filter result is sent to server side, by server side to the described system journal processing of reporting to the police;
Wherein, the described equipment template of every kind of device type is generated by the conditional expression that can mate all system journal forms under this device type;
The described keyword template of every kind of device type allows the keyword comprising or forbids that the keyword comprising generates in system journal under this device type.
2. method according to claim 1, is characterized in that, the equipment of described access generation system daily record comprises from the daily record of described equipment acquisition system:
Utilize daily record instrument logtail to access described equipment, while there is system journal in this equipment, gather the syslog message stream of this system journal generating messages queue form; While there is not system journal in this equipment, by the task of guarding and the scheduler DTS setting up, to this equipment, send heartbeat message, if this equipment is according to the daily record of heartbeat message retrieval system, gather the syslog message stream of this system journal generating messages queue form, if this equipment returns and indicates replying of breaking down according to heartbeat message, by the information recording of relevant device in DTS, by DTS, be sent to server side and report to the police.
3. method according to claim 1, is characterized in that, described method also comprises:
To server side, send request the request of obtaining described equipment template and/or keyword template;
The equipment template that reception server lateral root issues according to described request and/or keyword template.
4. method according to claim 1, it is characterized in that, the keyword template of described appointment comprises one-level keyword template and secondary key template, the secondary key template arranging for the system journal of distinct device type is different, described one-level keyword template forbids that in system journal under this device type the keyword comprising generates, described secondary key template allows the keyword comprising to generate in system journal under this device type
Described according to the device type of each system journal, utilize the keyword template of appointment that system journal is filtered and comprised:
Utilize one-level keyword template to mate the system journal of all devices type, for the successful system journal of one-level keyword template matches arranges the first flag bit, the first flag bit and the device type of the system journal that the match is successful, this system journal are reported to server side;
System journal to the failure of one-level keyword template matches, utilize the secondary key template corresponding to device type of this system journal to mate this system journal, for the successful system journal of secondary key template matches arranges the second flag bit, the device type of the system journal that the match is successful, this system journal is reported to server side; And,
For one-level keyword template and the system journal that all it fails to match of secondary key template arrange the 3rd flag bit, the 3rd flag bit and the device type of this system journal, this system journal are reported to server side.
5. method according to claim 4, is characterized in that, described method also comprises: when the system journal collecting does not have the equipment template of coupling, the device type of this system journal is set to undefined device type;
The described keyword template of appointment of utilizing is filtered and is comprised system journal:
Only utilize one-level keyword template to mate this system journal, the first flag bit and the device type of the system journal that the match is successful, this system journal are reported to server side, the system journal that it fails to match is recorded in temporary file.
6. a processing method for system journal, is characterized in that, described method comprises:
The filter result of the system journal that reception client-side reports is also stored to database according to predetermined consolidation form by filter result, described filter result comprises system journal and flag bit corresponding to this system journal, and described flag bit comprises the first flag bit and the 3rd flag bit;
When knowing that according to described filter result system journal has the first flag bit, adopt short message mode and lettergram mode to send warning message;
When knowing that according to described filter result system journal has the 3rd flag bit, adopt lettergram mode to send warning message;
When knowing that according to described filter result system journal does not have the first flag bit or the 3rd flag bit, do not carry out alarm operation.
7. method according to claim 6, is characterized in that,
In described filter result, also comprise the device type of system journal, described method also comprises:
According to the log processing instruction receiving, according to described predetermined consolidation form, from described database, extract the system journal of designated equipment type, and process according to described log processing instruction.
8. a processing platform for system journal, is characterized in that, described platform comprises system journal acquisition system and system log management system,
Described system journal acquisition system comprises message queue module, stencil-chosen device, keyword filtration device and guards task and scheduler DTS;
Described message queue module, for accessing the equipment of generation system daily record, from the daily record of described equipment acquisition system;
Described stencil-chosen device, for the form of the system journal collecting is mated with the equipment template of appointment, confirms the device type that each system journal is corresponding;
Described keyword filtration device, for according to the device type of each system journal, utilizes the keyword template of appointment to filter system journal, and described filter result is sent to system log management system;
Described DTS, for being scheduled to described message queue module, described stencil-chosen device and described keyword filtration device and scheduling;
Described system log management system comprises database, Data Generator, alarm module and data access and the DACC of control centre;
Described database, for the data of storage platform;
Described Data Generator, for receiving the filter result from system journal acquisition system, and is stored to described database according to predetermined consolidation form by filter result;
Described alarm module, reports to the police for the data according to described Data Generator;
Described DACC, for managing described database, Data Generator and alarm module;
Wherein, the described equipment template of every kind of device type is generated by the conditional expression that can mate all system journal forms under this device type;
The described keyword template of every kind of device type allows the keyword comprising or forbids that the keyword comprising generates in system journal under this device type.
9. platform according to claim 8, is characterized in that, described system journal acquisition system also comprises heartbeat detection module,
Described message queue module, also for utilizing daily record instrument logtail to access described equipment, while there is system journal in this equipment, gathers the syslog message stream of this system journal generating messages queue form;
Described DTS, also for when described message queue module does not collect system journal from described equipment, dispatches described heartbeat detection module and sends heartbeat message to described equipment;
Described heartbeat detection module, for sending heartbeat message according to the scheduling of described DTS to equipment, when receiving this equipment according to the daily record of heartbeat message retrieval system, this system journal is sent to described stencil-chosen device, when receiving this equipment, according to heartbeat message, return and indicate replying of breaking down, the information of this equipment is sent to described DTS record, by DTS, the information of this equipment is sent to system log management system and reports to the police.
10. platform according to claim 8 or claim 9, it is characterized in that, the keyword template that described keyword filtration device uses comprises one-level keyword template and secondary key template, the secondary key template difference corresponding to system journal of distinct device type, described one-level keyword template forbids that in system journal under this device type the keyword comprising generates, described secondary key template allows the keyword comprising to generate in system journal under this device type
Described keyword filtration device, specifically for utilizing one-level keyword template, the system journal of all devices type is mated, for the successful system journal of one-level keyword template matches arranges the first flag bit, the first flag bit of the system journal that the match is successful, this system journal and device type are reported to system log management system; System journal to the failure of one-level keyword template matches, utilize the secondary key template corresponding to device type of this system journal to mate this system journal, for the successful system journal of secondary key template matches arranges the second flag bit, the device type of the system journal that the match is successful, this system journal is reported to system log management system; And, for one-level keyword template and the system journal that all it fails to match of secondary key template arrange the 3rd flag bit, the 3rd flag bit and the device type of this system journal, this system journal are reported to system log management system;
Described alarm module, specifically for when knowing that according to the filter result in described Data Generator system journal has the first flag bit, adopts short message mode and lettergram mode to send warning message; When knowing that according to described filter result system journal has the 3rd flag bit, adopt lettergram mode to send warning message; When knowing that according to described filter result system journal does not have the first flag bit or the 3rd flag bit, do not carry out alarm operation.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310172737.7A CN104144071B (en) | 2013-05-10 | 2013-05-10 | The processing platform of the processing method and system daily record of system journal |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310172737.7A CN104144071B (en) | 2013-05-10 | 2013-05-10 | The processing platform of the processing method and system daily record of system journal |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104144071A true CN104144071A (en) | 2014-11-12 |
| CN104144071B CN104144071B (en) | 2018-02-06 |
Family
ID=51853143
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310172737.7A Active CN104144071B (en) | 2013-05-10 | 2013-05-10 | The processing platform of the processing method and system daily record of system journal |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104144071B (en) |
Cited By (22)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105183625A (en) * | 2015-08-31 | 2015-12-23 | 北京奇虎科技有限公司 | Log data processing method and apparatus |
| WO2016082371A1 (en) * | 2014-11-25 | 2016-06-02 | 中国科学院声学研究所 | Ssh protocol-based session parsing method and system |
| CN105824835A (en) * | 2015-01-07 | 2016-08-03 | 北京艾力泰尔信息技术有限公司 | Self-learning type telemetry data identification method |
| CN105956082A (en) * | 2016-04-29 | 2016-09-21 | 深圳前海大数点科技有限公司 | Real-time data processing and storage system |
| CN106022349A (en) * | 2015-03-27 | 2016-10-12 | 国际商业机器公司 | Method and system for determining device types |
| CN106209405A (en) * | 2015-05-06 | 2016-12-07 | 中国移动通信集团内蒙古有限公司 | Method for diagnosing faults and device |
| CN106209466A (en) * | 2016-07-21 | 2016-12-07 | 柳州龙辉科技有限公司 | A kind of system journal processing method |
| CN106445806A (en) * | 2016-08-26 | 2017-02-22 | 北京小米移动软件有限公司 | Software testing method and device |
| CN106878085A (en) * | 2017-03-03 | 2017-06-20 | 安徽大智睿科技技术有限公司 | A kind of realization method and system of the system journal record based on message informing |
| CN107332720A (en) * | 2017-08-22 | 2017-11-07 | 河钢股份有限公司承德分公司 | A kind of device for collecting interchanger daily record |
| CN107426039A (en) * | 2017-09-18 | 2017-12-01 | 武汉虹信通信技术有限责任公司 | The method and system that a kind of daily record is reported and received |
| CN108563629A (en) * | 2018-03-13 | 2018-09-21 | 北京仁和诚信科技有限公司 | A kind of daily record resolution rules automatic generation method and device |
| CN108712294A (en) * | 2018-06-05 | 2018-10-26 | 陈艳 | A method of network equipment monitoring alarm is realized based on Syslog knowledge bases |
| CN108718295A (en) * | 2018-04-20 | 2018-10-30 | 新华三技术有限公司 | A kind of system log transmission method and device |
| CN109818763A (en) * | 2017-11-20 | 2019-05-28 | 北京绪水互联科技有限公司 | The real-time quality control method of analytic statistics methods and system and equipment and system of equipment fault |
| CN110377576A (en) * | 2019-07-24 | 2019-10-25 | 中国工商银行股份有限公司 | Create method and apparatus, the log analysis method of log template |
| CN110493348A (en) * | 2019-08-26 | 2019-11-22 | 山东融为信息科技有限公司 | A kind of intelligent monitoring and alarming system based on Internet of Things |
| US10489715B2 (en) | 2015-03-27 | 2019-11-26 | International Business Machines Corporation | Fingerprinting and matching log streams |
| CN111046012A (en) * | 2019-12-02 | 2020-04-21 | 东软集团股份有限公司 | Inspection log extraction method and device, storage medium and electronic equipment |
| CN111144086A (en) * | 2019-12-20 | 2020-05-12 | 锐捷网络股份有限公司 | Log formatting method and device, electronic equipment and storage medium |
| CN111310147A (en) * | 2020-03-20 | 2020-06-19 | 符安文 | Distributed internal information platform |
| CN111782522A (en) * | 2020-06-29 | 2020-10-16 | Oppo广东移动通信有限公司 | Output method of trace message, electronic device and storage medium |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102902764A (en) * | 2012-09-25 | 2013-01-30 | 北京奇虎科技有限公司 | Method and device for log recording |
-
2013
- 2013-05-10 CN CN201310172737.7A patent/CN104144071B/en active Active
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102902764A (en) * | 2012-09-25 | 2013-01-30 | 北京奇虎科技有限公司 | Method and device for log recording |
Non-Patent Citations (2)
| Title |
|---|
| 赵红宙: ""系统日志syslog在电信网管中的应用"", 《电子质量》 * |
| 顾群业等: ""基于SNMP和SYSLOG的校园网运行状况分析系统探讨"", 《山东轻工业学院学报》 * |
Cited By (32)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2016082371A1 (en) * | 2014-11-25 | 2016-06-02 | 中国科学院声学研究所 | Ssh protocol-based session parsing method and system |
| CN105824835A (en) * | 2015-01-07 | 2016-08-03 | 北京艾力泰尔信息技术有限公司 | Self-learning type telemetry data identification method |
| US10489715B2 (en) | 2015-03-27 | 2019-11-26 | International Business Machines Corporation | Fingerprinting and matching log streams |
| CN106022349A (en) * | 2015-03-27 | 2016-10-12 | 国际商业机器公司 | Method and system for determining device types |
| US10489714B2 (en) | 2015-03-27 | 2019-11-26 | International Business Machines Corporation | Fingerprinting and matching log streams |
| CN106209405B (en) * | 2015-05-06 | 2019-11-08 | 中国移动通信集团内蒙古有限公司 | Method for diagnosing faults and device |
| CN106209405A (en) * | 2015-05-06 | 2016-12-07 | 中国移动通信集团内蒙古有限公司 | Method for diagnosing faults and device |
| CN105183625B (en) * | 2015-08-31 | 2018-04-13 | 北京奇虎科技有限公司 | A kind of daily record data treating method and apparatus |
| CN105183625A (en) * | 2015-08-31 | 2015-12-23 | 北京奇虎科技有限公司 | Log data processing method and apparatus |
| CN105956082A (en) * | 2016-04-29 | 2016-09-21 | 深圳前海大数点科技有限公司 | Real-time data processing and storage system |
| CN105956082B (en) * | 2016-04-29 | 2019-07-02 | 深圳大数点科技有限公司 | Real time data processing and storage system |
| CN106209466A (en) * | 2016-07-21 | 2016-12-07 | 柳州龙辉科技有限公司 | A kind of system journal processing method |
| CN106445806A (en) * | 2016-08-26 | 2017-02-22 | 北京小米移动软件有限公司 | Software testing method and device |
| CN106445806B (en) * | 2016-08-26 | 2019-09-17 | 北京小米移动软件有限公司 | Method for testing software and device |
| CN106878085A (en) * | 2017-03-03 | 2017-06-20 | 安徽大智睿科技技术有限公司 | A kind of realization method and system of the system journal record based on message informing |
| CN107332720A (en) * | 2017-08-22 | 2017-11-07 | 河钢股份有限公司承德分公司 | A kind of device for collecting interchanger daily record |
| CN107426039A (en) * | 2017-09-18 | 2017-12-01 | 武汉虹信通信技术有限责任公司 | The method and system that a kind of daily record is reported and received |
| CN109818763A (en) * | 2017-11-20 | 2019-05-28 | 北京绪水互联科技有限公司 | The real-time quality control method of analytic statistics methods and system and equipment and system of equipment fault |
| CN109818763B (en) * | 2017-11-20 | 2022-04-15 | 北京绪水互联科技有限公司 | Equipment fault analysis and statistics method and system and equipment real-time quality control method and system |
| CN108563629B (en) * | 2018-03-13 | 2022-04-19 | 北京仁和诚信科技有限公司 | Automatic log analysis rule generation method and device |
| CN108563629A (en) * | 2018-03-13 | 2018-09-21 | 北京仁和诚信科技有限公司 | A kind of daily record resolution rules automatic generation method and device |
| CN108718295A (en) * | 2018-04-20 | 2018-10-30 | 新华三技术有限公司 | A kind of system log transmission method and device |
| CN108712294A (en) * | 2018-06-05 | 2018-10-26 | 陈艳 | A method of network equipment monitoring alarm is realized based on Syslog knowledge bases |
| CN110377576B (en) * | 2019-07-24 | 2021-10-29 | 中国工商银行股份有限公司 | Method and device for creating log template and log analysis method |
| CN110377576A (en) * | 2019-07-24 | 2019-10-25 | 中国工商银行股份有限公司 | Create method and apparatus, the log analysis method of log template |
| CN110493348A (en) * | 2019-08-26 | 2019-11-22 | 山东融为信息科技有限公司 | A kind of intelligent monitoring and alarming system based on Internet of Things |
| CN111046012A (en) * | 2019-12-02 | 2020-04-21 | 东软集团股份有限公司 | Inspection log extraction method and device, storage medium and electronic equipment |
| CN111046012B (en) * | 2019-12-02 | 2023-09-26 | 东软集团股份有限公司 | Method and device for extracting inspection log, storage medium and electronic equipment |
| CN111144086A (en) * | 2019-12-20 | 2020-05-12 | 锐捷网络股份有限公司 | Log formatting method and device, electronic equipment and storage medium |
| CN111310147A (en) * | 2020-03-20 | 2020-06-19 | 符安文 | Distributed internal information platform |
| CN111782522A (en) * | 2020-06-29 | 2020-10-16 | Oppo广东移动通信有限公司 | Output method of trace message, electronic device and storage medium |
| CN111782522B (en) * | 2020-06-29 | 2023-10-24 | 哲库科技(北京)有限公司 | Tracking message output method, electronic device and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104144071B (en) | 2018-02-06 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104144071A (en) | System log processing method and platform | |
| CN104506393B (en) | A kind of system monitoring method based on cloud platform | |
| CN105183609B (en) | A kind of real-time monitoring system for being applied to software system and method | |
| CN101483545B (en) | Financial service monitoring method and system | |
| CN114584401B (en) | Tracing system and method for large-scale network attack | |
| EP2487860B1 (en) | Method and system for improving security threats detection in communication networks | |
| CN109359098B (en) | System and method for monitoring scheduling data network behaviors | |
| CN105207826A (en) | Security attack alarm positioning system based on Spark big data platform of Tachyou | |
| CN102014020A (en) | Equipment for performing network monitoring on network equipment and method thereof | |
| CN113612763B (en) | Network attack detection device and method based on network security malicious behavior knowledge base | |
| CN106055608A (en) | Method and apparatus for automatically collecting and analyzing switch logs | |
| CN103827810A (en) | Asset model import connector | |
| CN107659443A (en) | The monitoring method and its system of a kind of real time business | |
| CN113157994A (en) | Multi-source heterogeneous platform data processing method | |
| CN103166788B (en) | A kind of collection control Control management system | |
| CN104637265A (en) | Dispatch-automated multilevel integration intelligent watching alarming system | |
| CN114244676A (en) | Intelligent IT integrated gateway system | |
| CN113946497A (en) | Method suitable for unified intelligent monitoring and alarming of multi-cloud platform resources | |
| CN107547228A (en) | A kind of safe operation management platform based on big data realizes framework | |
| EP2936772A1 (en) | Network security management | |
| CN112104659A (en) | Real-time monitoring platform based on government affair application safety | |
| US11558242B2 (en) | Generation of synthetic alerts and unified dashboard for viewing multiple layers of data center simultaneously | |
| CN117118761B (en) | Deep defense system and method for penetrating intelligent automobile information security | |
| CN114006940A (en) | Building integrated management information pushing method, system, computer and storage medium | |
| CN103618635A (en) | Classified association management and control system of informationized equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CP02 | Change in the address of a patent holder |
Address after: Room 810, 8 / F, 34 Haidian Street, Haidian District, Beijing 100080 Patentee after: BEIJING D-MEDIA COMMUNICATION TECHNOLOGY Co.,Ltd. Address before: 100089 Beijing city Haidian District wanquanzhuang Road No. 28 Wanliu new building 6 storey block A room 602 Patentee before: BEIJING D-MEDIA COMMUNICATION TECHNOLOGY Co.,Ltd. |
|
| CP02 | Change in the address of a patent holder |