CN105141448B - Log collection method and device - Google Patents

Info

Publication number: CN105141448B
Authority: CN (China)
Legal status: Active (as listed by Google Patents; an assumption, not a legal conclusion)
Application number: CN201510451557.1A
Other languages: Chinese (zh)
Other versions: CN105141448A (en)
Inventor: 郑建锋
Current Assignee: Huawei Cloud Computing Technologies Co Ltd (as listed by Google Patents; may be inaccurate)
Original Assignee: Hangzhou Huawei Digital Technologies Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00: Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06: Management of faults, events, alarms or notifications
    • H04L41/069: Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications

Abstract

Embodiments of the present invention relate to a log collection method and device. The method includes: a log client reads at least one log knowledge module from a log knowledge module list; executes the log knowledge module to parse the log file of the corresponding operating system or application system and collect target content information from the log file; and sends the collected target content information to a log server. This improves the comprehensiveness and applicability of the collected information, and because the collection method is simple, it can greatly improve collection efficiency.

Description

Log collection method and device
Technical field
The present invention relates to the field of information technology, and in particular to a log collection method and device.
Background
An operating system (e.g., Windows or Linux) and the applications running on a server have corresponding log files: the operating system has system log files, and application systems have application log files. The log files record information such as server startup and shutdown, user logins and application execution. Collecting the information in system log files and application log files plays an important role in analyzing the server's system performance and application performance, and in diagnosing the server's system faults and application faults.
In the prior art, log files are mainly collected in three ways: collection based on Simple Network Management Protocol (SNMP) traps, collection based on the system log (Syslog) protocol, and collection based on remote login (Telnet). SNMP trap collection is event-driven: the agent notifies the management system only when it detects a fault, and non-fault information is not reported, so the information the management system obtains is incomplete. In addition, this approach works only over the SNMP protocol, and the format of the collected messages must be defined separately, which is a limitation. The Syslog approach uses the User Datagram Protocol (UDP) as its transport protocol and can receive log files from remote systems. However, most applications write logs in their own custom way and do not support the Syslog protocol, so this approach usually cannot obtain log file information from the various types of operating systems and application systems. The Telnet approach requires first logging in remotely to the managed client, obtaining the log file information with commands, and then sending that information to the recipient by mail or the File Transfer Protocol (FTP). This approach requires managing remote login information and depends on a mail server or FTP server, so it suffers from poor security and a complicated sending process.
In summary, prior-art log collection methods suffer from incomplete collected information, poor applicability and a complicated collection process.
Summary of the invention
Embodiments of the present invention provide a log collection method that improves the comprehensiveness and applicability of the collected information; the collection method is simple and can greatly improve collection efficiency.
According to a first aspect, a log collection method is provided. The method includes:
a log client reading at least one log knowledge module from a log knowledge module list;
executing the log knowledge module to parse the log file of the corresponding operating system or application system, and collecting target content information from the log file; and
sending the collected target content information to a log server.
With reference to the first aspect, in a first implementation of the first aspect, the log knowledge module includes one or more target parameters;
executing the log knowledge module to parse the log file of the corresponding operating system or application system and collecting the target content information of the log file includes:
executing the log knowledge module to parse the log file of the corresponding operating system or application system, obtaining a parsing result; and
according to the target parameters, collecting from the parsing result the parameter values of the parameters that match the target parameters, and using those parameter values as the target content information of the log file.
With reference to the first aspect or the first implementation of the first aspect, in a second implementation of the first aspect, executing the log knowledge module includes:
periodically executing the log knowledge module; and/or
executing the log knowledge module when the size of the log file exceeds a threshold.
With reference to the first aspect, the first implementation of the first aspect or the second implementation of the first aspect, in a third implementation of the first aspect, the method further includes:
sending a query instruction to the log server, the query instruction instructing the log server to return the numbers of the updated log knowledge modules to the log client when it determines that updated log knowledge modules exist; and
obtaining the updated log knowledge modules from the log server according to their numbers.
With reference to the third implementation of the first aspect, in a fourth implementation of the first aspect, the updated log knowledge modules at the log server are obtained by the log server from a log knowledge module distribution site by calling the application programming interface (API) functions of that distribution site; or
the updated log knowledge modules at the log server are obtained by the log server from a storage medium.
With reference to the first aspect or any of the above four implementations of the first aspect, in a fifth implementation of the first aspect, before the log client reads at least one log knowledge module from the log knowledge module list, the method further includes:
sending a test message, according to the IP address and listening port of the log server, to the log server that has opened the listening port and enabled listening mode; and
receiving the confirmation message that the log server sends in response to the received test message.
According to a second aspect, a log collection method is provided. The method includes:
a log server obtaining at least one log knowledge module;
when a query instruction sent by a log client is received, returning the number of the log knowledge module to the log client;
receiving an obtain instruction that the log client sends according to the number of the log knowledge module;
according to the obtain instruction, returning the log knowledge module to the log client, so that the log client executes the log knowledge module, parses the log file of the corresponding operating system or application system, and collects the target content information of the log file; and
receiving the target content information collected by the log client.
With reference to the second aspect, in a first implementation of the second aspect, the log server obtaining at least one log knowledge module includes:
obtaining at least one log knowledge module from a log knowledge module distribution site by calling the application programming interface (API) functions of that distribution site; or
obtaining at least one log knowledge module from a storage medium.
With reference to the second aspect or the first implementation of the second aspect, in a second implementation of the second aspect, before the log server obtains at least one log knowledge module, the method further includes:
the log server receiving a configuration instruction and, according to the received configuration instruction, opening a listening port and enabling listening mode;
receiving the test message sent by the log client; and
returning a confirmation message to the log client according to the test message.
According to a third aspect, a log collection device is provided. The device includes a reading unit, a collecting unit and a sending unit;
the reading unit is configured to read at least one log knowledge module from a log knowledge module list;
the collecting unit is configured to execute the log knowledge module read by the reading unit, parse the log file of the corresponding operating system or application system, and collect the target content information of the log file;
the sending unit is configured to send the target content information collected by the collecting unit to a log server.
With reference to the third aspect, in a first implementation of the third aspect, the log knowledge module includes one or more target parameters;
the collecting unit is specifically configured to:
execute the log knowledge module to parse the log file of the corresponding operating system or application system, obtaining a parsing result; and
according to the target parameters, collect from the parsing result the parameter values of the parameters that match the target parameters, and use those parameter values as the target content information of the log file.
With reference to the third aspect or the first implementation of the third aspect, in a second implementation of the third aspect, the collecting unit is specifically configured to:
periodically execute the log knowledge module; and/or
execute the log knowledge module when the size of the log file exceeds a threshold.
With reference to the third aspect, the first implementation of the third aspect or the second implementation of the third aspect, in a third implementation of the third aspect, the device further includes an obtaining unit;
the sending unit is further configured to send a query instruction to the log server, the query instruction instructing the log server to return the numbers of the updated log knowledge modules when it determines that updated log knowledge modules exist;
the obtaining unit is configured to obtain the updated log knowledge modules from the log server according to their numbers.
With reference to the third implementation of the third aspect, in a fourth implementation of the third aspect, the updated log knowledge modules at the log server are obtained by the log server from a log knowledge module distribution site by calling the application programming interface (API) functions of that distribution site; or
the updated log knowledge modules at the log server are obtained by the log server from a storage medium.
With reference to the third aspect or any of the above four implementations of the third aspect, in a fifth implementation of the third aspect, the device further includes a receiving unit;
the sending unit is further configured to send a test message, according to the IP address and listening port of the log server, to the log server that has opened the listening port and enabled listening mode;
the receiving unit is configured to receive the confirmation message that the log server sends in response to the received test message.
According to a fourth aspect, a log collection device is provided. The device includes an obtaining unit, a sending unit and a receiving unit;
the obtaining unit is configured to obtain at least one log knowledge module;
the sending unit is configured to return the number of the log knowledge module to a log client when a query instruction sent by the log client is received;
the receiving unit is configured to receive the obtain instruction that the log client sends according to the number of the log knowledge module sent by the sending unit;
the sending unit is further configured to return the log knowledge module to the log client according to the obtain instruction received by the receiving unit, so that the log client executes the log knowledge module, parses the log file of the corresponding operating system or application system, and collects the target content information of the log file;
the receiving unit is further configured to receive the target content information collected by the log client.
With reference to the fourth aspect, in a first implementation of the fourth aspect, the obtaining unit is specifically configured to:
obtain at least one log knowledge module from a log knowledge module distribution site by calling the application programming interface (API) functions of that distribution site; or
obtain at least one log knowledge module from a storage medium.
With reference to the fourth aspect or the first implementation of the fourth aspect, in a second implementation of the fourth aspect, the device further includes a starting unit;
the receiving unit is further configured to receive a configuration instruction;
the starting unit is configured to open a listening port and enable listening mode according to the configuration instruction received by the receiving unit;
the receiving unit is further configured to receive the test message sent by the log client;
the sending unit is further configured to return a confirmation message to the log client according to the test message.
In the log collection method and device provided by the embodiments of the present invention, the log client reads at least one log knowledge module from the log knowledge module list; executes the log knowledge module to parse the log file of the corresponding operating system or application system and collect the target content information of the log file; and sends the collected target content information to the log server. This improves the comprehensiveness and applicability of the collected information, and because the collection method is simple, it can greatly improve collection efficiency.
Brief description of the drawings
Fig. 1 is a flowchart of the log collection method provided by Embodiment 1 of the present invention;
Fig. 2 is a schematic diagram of the log collection method provided by the present invention;
Fig. 3 is a flowchart of the log collection method provided by Embodiment 2 of the present invention;
Fig. 4 is a schematic diagram of the log collection device provided by Embodiment 3 of the present invention;
Fig. 5 is a schematic diagram of the log collection device provided by Embodiment 4 of the present invention;
Fig. 6 is a schematic diagram of the log collection device provided by Embodiment 5 of the present invention;
Fig. 7 is a schematic diagram of the log collection device provided by Embodiment 6 of the present invention.
Detailed description
To make the objectives, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings. The described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on these embodiments without creative effort shall fall within the protection scope of the present invention.
To aid understanding of the embodiments of the present invention, specific embodiments are further explained below with reference to the accompanying drawings. The embodiments do not limit the embodiments of the present invention.
The log collection method provided by the embodiments of the present invention applies to scenarios in which a log client (Log Client) collects log file information from various types of operating systems or application systems and reports the collected information to a log server (Log Server). There may be one or more log clients (also called log collection clients or collection agents). A log client can be deployed on a managed server; according to the collection requirements of that server, it loads the corresponding log knowledge modules to gain the collection capability, collects the log file information of the operating system or application system, and sends the collected information to the log server. There is generally one log server. It can be deployed on a separate server, or deployed directly in a lightly loaded privileged virtual machine operating system (Domain 0), and is used to manage the log repository and to receive log file information. Note that the server or managed server mentioned above can be a physical machine or a virtual machine (Virtual Machine, VM).
Fig. 1 is a flowchart of the log collection method provided by Embodiment 1 of the present invention. The method can be executed by a log client. As shown in Fig. 1, the method can specifically include:
S110: the log client reads at least one log knowledge module from the log knowledge module list.
Optionally, before step S110 is executed, the method can also include a step of testing the communication link between the log client and the log server:
sending a test message, according to the IP address and listening port of the log server, to the log server that has opened the listening port and enabled listening mode; and
receiving the confirmation message that the log server sends in response to the received test message.
That is, after the log server has been deployed on a server, port 7705 must be opened in the server's configuration, and the listening service program must also be started (listening mode enabled) to ensure communication between the log client and the log server. When the log client is deployed on a managed server, the IP address of the log server and listening port 7705 must be specified. After deployment, the log client uses the log server's IP address and listening port 7705 to send a test message to the log server that has opened listening port 7705 and enabled listening mode. If the log client receives a confirmation message, the communication link between the log client and the log server is working. If the log client does not receive a confirmation message, the installation environment of the managed server must be checked (for example, the firewall settings) and the configuration changed, or the log server and log client reinstalled, until the log client receives a confirmation message.
In step S110, the log client maintains the log knowledge module list (Kmod Set) locally. The list contains one or more log knowledge modules. Each log knowledge module corresponds one-to-one to an operating system, or one-to-one to an application system, and is written in advance by a programmer for the corresponding operating system or application system. Specifically, a log knowledge module can define the various operations to perform on the log file of the corresponding operating system or application system, together with the location information and format information of that log file. A log knowledge module can also include one or more target parameters and their meanings. The target parameters can be one or more of the following: timestamp, program identifier (also called the collection object), index values, and so on.
The content of a written log knowledge module can take the form of a script file, usually an individual file (e.g., *.kmod), and can be continually developed and extended as needed. For example, when the operating system or application system corresponding to a log knowledge module updates its functions (e.g., functions are added, modified or deleted), the log knowledge module can be rewritten, recompiled and republished.
Referring to the schematic diagram of the log collection method in Fig. 2, after a programmer has written a log knowledge module, the module can be uploaded to the log knowledge module distribution site (Kmod Release Site), or copied directly to a storage medium (e.g., a USB flash drive or optical disc). If the written log knowledge module has been copied to a storage medium, the log server can copy it directly from the storage medium once the medium is connected. If the written log knowledge module has been uploaded to the distribution site, the log server can query for or obtain it using the application programming interface (Application Programming Interface, API) functions that the distribution site exposes, which are stored locally on the log server in advance. In one specific implementation, the log server stores these API functions in a configuration file.
For example, the log server can send "http://Kmodreleasesite.com/updated/" to the log knowledge module distribution site to ask whether there are updated log knowledge modules (including newly added log knowledge modules and modified log knowledge modules). If the distribution site returns 1, there are updated log knowledge modules; if it returns 0, there are none. As another example, the log server can send "http://kmodreleasesite.com/newkmods/" to the distribution site to obtain information about all updated log knowledge modules, or send "http://kmodreleasesite.com/newkmods/101/" to obtain information about the log knowledge module numbered 101 among the updated log knowledge modules.
It should be understood that initially, when the log server has not yet obtained any log knowledge module, all the pre-written log knowledge modules stored on the distribution site count as updated log knowledge modules. That is, initially the log server can obtain all the log knowledge modules on the distribution site.
In Fig. 2, after the log server obtains updated log knowledge modules from a storage medium or from the log knowledge module distribution site, it can store them in the local log repository (Kmod Repository), and the distributor (Kmod Distributor) of the log server marks the updated log knowledge modules; that is, the log server can be configured to distribute log knowledge modules. When the log server receives a query instruction sent by a log client, it sends the numbers of the marked log knowledge modules (that is, the updated log knowledge modules) to the log client. The log client then obtains the marked log knowledge modules from the log server according to those numbers and stores them in its log knowledge module list (Kmod Set).
Note that, as the above shows, the one or more log knowledge modules in the log knowledge module list are fetched by the log client itself. The log client therefore does not need to open a listening port, which preserves the security of the log client and keeps its function single-purpose. In addition, in this process the log client obtains log knowledge modules from the log server rather than from the distribution site, which preserves the independence of the network in which the log client resides and the flexibility of its configuration.
S120: execute the log knowledge module to parse the log file of the corresponding operating system or application system, and collect the target content information of the log file.
Optionally, after at least one log knowledge module has been read in step S110, the loader (Kmod Loader) of the log client can load the module or modules, and the executor (Executor) of the log client then executes them. Executing the log knowledge module in step S120 can specifically include:
periodically executing the log knowledge module; and/or
executing the log knowledge module when the size of the log file exceeds a threshold.
That is, the log client can execute a log knowledge module periodically (at a preset collection interval), or execute it when the size of the log file of the corresponding operating system or application system exceeds a threshold, or execute it only when both conditions are met, for example by periodically checking whether the size of the corresponding log file exceeds the threshold and executing the log knowledge module if it does. Note that when there are multiple log knowledge modules, a polling algorithm can be used to execute each of them in turn within one cycle; alternatively, within one cycle the client checks in turn whether the log file corresponding to each log knowledge module exceeds the threshold, and executes the modules whose log files do.
Further, step S120 can also include:
executing the log knowledge module to parse the log file of the corresponding operating system or application system, obtaining a parsing result; and
according to the target parameters, collecting from the parsing result the parameter values of the parameters that match the target parameters, and using those parameter values as the target content information of the log file.
When each of the log knowledge modules is executed, the log file is first obtained according to the location information, defined in the module, of the log file of the corresponding operating system or application system. The log file is then parsed using the various operations defined in the module, for example by parsing the character strings in the log file, to obtain a parsing result that can contain multiple parameters and parameter values. The log knowledge module can compare the target parameters one by one with the parameters in the parsing result and collect the parameter value whenever a comparison matches. When there are multiple target parameters, the values of multiple parameters are collected and used together as the target content information of the log file. In one specific implementation, a time identifier can also be added to the target content information.
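The following sketch illustrates step S120 as an added example; it is not code from the patent. It models a log knowledge module as declarative data (log location, line format, target parameters, size threshold) rather than as the script file the description mentions, and the class, field names, log format and sample lines are all assumptions made for illustration.

```python
"""Added example: executing log knowledge modules in one polling round."""
import os
import re
import tempfile
from dataclasses import dataclass


@dataclass(frozen=True)
class KnowledgeModule:
    number: int              # module number exchanged between client and server
    log_path: str            # location information of the log file
    line_format: str         # format information: regex whose named groups are parameters
    target_params: tuple     # names of the parameters whose values are collected
    size_threshold: int = 0  # execute only when the log file is larger than this (bytes)

    def execute(self):
        """Parse the log file and return the values of the target parameters."""
        pattern = re.compile(self.line_format)
        records = []
        with open(self.log_path, encoding="utf-8", errors="replace") as fh:
            for line in fh:
                match = pattern.match(line)
                if match is None:
                    continue  # line is not in the declared format: nothing to collect
                parsed = match.groupdict()  # parsing result: every parameter on the line
                # Keep only the parameters that match a target parameter.
                records.append({name: parsed[name]
                                for name in self.target_params if name in parsed})
        return records


def poll_once(modules, collected_at):
    """One polling round: run each module whose log file exceeds its threshold."""
    reports = []
    for module in modules:
        try:
            size = os.path.getsize(module.log_path)
        except OSError:
            continue  # log file missing or unreadable in this round
        if size <= module.size_threshold:
            continue
        reports.append({"module": module.number,
                        "collected_at": collected_at,  # time identifier added to the result
                        "records": module.execute()})
    return reports


# Constructed sample input, not taken from the patent.
SAMPLE_LOG = (
    "2015-07-28T10:00:01 sshd cpu=12 mem=30 login ok\n"
    "free-form line that does not match the declared format\n"
    "2015-07-28T10:00:05 nginx cpu=71 mem=44 request served\n"
)
LINE_FORMAT = r"(?P<timestamp>\S+) (?P<program>\S+) cpu=(?P<cpu>\d+) mem=(?P<mem>\d+)"


def demo():
    """Run two modules over the same file; only the one past its threshold executes."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "app.log")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_LOG)
        busy = KnowledgeModule(101, path, LINE_FORMAT,
                               ("timestamp", "program", "cpu"), size_threshold=16)
        quiet = KnowledgeModule(102, path, LINE_FORMAT,
                                ("timestamp",), size_threshold=10**6)
        return poll_once([busy, quiet], collected_at="2015-07-28T10:01:00")


if __name__ == "__main__":
    for report in demo():
        print(report)
```

Calling `poll_once` from a timer at the preset collection interval gives the combined trigger described above: a periodic check that executes a module only when its log file has grown past the threshold.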
S130: send the collected target content information to the log server.
Referring to Fig. 2, after running the log knowledge module and collecting the target content information, the log client can send the target content information, or the target content information together with the time identifier, to the log server in the form of a message. After receiving the target content information, or the target content information and the time identifier, the log server can record it in a log database (e.g., a NoSQL database); it is then analyzed by the analyzer (Analyzer) and displayed by the log display module (LogView).
Optionally, the embodiment of the present invention may also include:
sending a query instruction to the log server, where the query instruction instructs the log server, when it determines that there is an updated log knowledge module, to return the number of the updated log knowledge module to the log client;
obtaining the updated log knowledge module from the log server according to the number of the updated log knowledge module.
Here, updated log knowledge modules include newly added log knowledge modules and modified log knowledge modules.
Note that when a new operating system or application system needs to be monitored or tracked, the log files of that new operating system or application system need to be collected, and therefore a log knowledge module corresponding to the new operating system or application system (e.g., NewApp.Kmod) needs to be written. Once the newly added log knowledge module has been written, it is compiled and published. Here, the newly added log knowledge module can be published directly on the log knowledge module distribution site or copied directly to a storage medium. The log server then obtains the newly added log knowledge module through the API functions that the log knowledge module distribution site provides externally, or copies it directly from the storage medium, stores the obtained module in its local log warehouse, and has the distributor mark the newly added log knowledge module.
When there is a marked log knowledge module (that is, a newly added log knowledge module) in the log server's local log warehouse, the log server, on receiving the query instruction sent by the log client, returns the number of the newly added log knowledge module to the log client. The log client obtains the newly added log knowledge module from the log server according to that number and stores it in the local log knowledge module list.
In addition, if the operating system or application system currently being monitored or tracked is upgraded (or its functions are updated), the corresponding log knowledge module needs to be rewritten (that is, modified), and compiled and published again. Here, the modified log knowledge module can be published directly on the log knowledge module distribution site or copied directly to a storage medium. The log server then obtains the modified log knowledge module through the API functions that the log knowledge module distribution site provides externally, or copies it directly from the storage medium, stores the obtained module in its local log warehouse, and has the distributor mark the modified log knowledge module.
When there is a marked log knowledge module (that is, a modified log knowledge module) in the log server's local log warehouse, the log server, on receiving the query instruction sent by the log client, returns the number of the modified log knowledge module to the log client. The log client obtains the modified log knowledge module from the log server according to that number and uses it to update the pre-modification log knowledge module stored in the local log knowledge module list.
As can be seen from the above, in the embodiment of the present invention, when a need arises to collect the log files of a new application system or operating system, it is only necessary to write and add a log knowledge module, without changing the code of the log client or the log server, which greatly improves the scalability and maintainability of the log collection method of the present invention. In addition, the log server of the present invention can update its local log knowledge modules in several ways, so it is applicable to a variety of network environments.
In the log collection method provided by this embodiment of the present invention, the log client reads at least one log knowledge module from the log knowledge module list; executes the log knowledge module to parse the log file of the corresponding operating system or application system and collect the target content information of the log file; and sends the collected target content information to the log server. This improves the comprehensiveness and applicability of the collected information; the collection method is simple and can greatly improve collection efficiency.
Fig. 3 is a flowchart of the log collection method provided by Embodiment 2 of the present invention. The method may be executed by the log server. As shown in Fig. 3, the method may specifically include:
S310: the log server obtains at least one log knowledge module.
Optionally, before step S310 is executed, the method may also include the following steps for testing the communication link between the log client and the log server:
the log server receives a configuration instruction and, according to the received configuration instruction, opens the listening port and enables listening mode;
receives the test message sent by the log client;
returns a confirmation message to the log client according to the test message.
That is, after the log server is deployed on a server, port 7705 needs to be opened in the server's configuration. In addition, the listening service program also needs to be started (listening mode enabled) to ensure communication between the log client and the log server. When the log client is deployed on a managed server, the IP address of the log server and listening port 7705 need to be specified. After deployment, the log client uses the log server's IP address and listening port 7705 to send a test message to the log server, which has opened listening port 7705 and enabled listening mode. If the log client receives a confirmation message, the communication link between the log client and the log server is normal. If the log client does not receive a confirmation message, the installation environment of the managed server needs to be checked, for example the firewall settings, and the configuration changed, or the log server and log client reinstalled, until the log client receives a confirmation message.
Returning to S310, the log server can obtain at least one log knowledge module in two ways. The first way is to obtain at least one log knowledge module from the log knowledge module distribution site by calling the site's application programming interface (API) functions. The second way is to obtain at least one log knowledge module from a storage medium.
In the first way, for example, the log server can store the above API functions in a configuration file. Specifically, the log server can send "http://kmodreleasesite.com/updated/" to the log knowledge module distribution site to query whether there are updated log knowledge modules (including newly added log knowledge modules and modified log knowledge modules). When the distribution site returns 1, there are updated log knowledge modules; when it returns 0, there are none. As another example, the log server can send "http://kmodreleasesite.com/newkmods/" to the distribution site to obtain the information of all updated log knowledge modules, or send "http://kmodreleasesite.com/newkmods/101/" to obtain the information of the log knowledge module numbered 101 among all updated log knowledge modules.
It is understood that when initial, log services end also have not been obtained take office when will knowledge module when, daily record knowledge All daily record knowledge modules write in advance stored on module distribution site are newer daily record knowledge module, that is, When initial, log services end can obtain all daily record knowledge modules of daily record knowledge module distribution site.
In Fig. 2, log services end after getting newer daily record knowledge module from daily record knowledge module transmitting station, Newer daily record knowledge module can be stored in local daily record warehouse (Kmod Reponsitory), log services end Newer daily record knowledge module is marked distributor (Kmod Distributor) namely log services end is to daily record knowledge The distribution of module is configurable.
The second way, log services end directly obtains at least one daily record knowledge module from storage medium, and will obtain At least one daily record knowledge module taken is stored in local daily record warehouse, the daily record of the distributor at log services end to acquisition Knowledge module is marked.
S320: when the query instruction sent by the log client is received, return the number of the log knowledge module to the log client.
S330: receive the fetch instruction that the log client sends according to the number of the log knowledge module.
S340: according to the fetch instruction, return the log knowledge module to the log client, so that the log client executes the log knowledge module, parses the log file of the corresponding operating system or application system, and collects the target content information of the log file.
When the log server receives the query instruction sent by the log client, it sends the numbers of the marked log knowledge modules (that is, the updated log knowledge modules) to the log client. The log client then obtains the marked log knowledge modules from the log server according to those numbers and stores them in its log knowledge module list (Kmod Set).
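The update exchange described above (the server pulls from the distribution site and marks modules, answers the client's query with numbers, and the client fetches by number into its Kmod Set), as an added Python example that is not code from the patent. The class and method names, the in-memory transport and the rule that the site stops reporting a module once it has been fetched are assumptions; the optional SHA-256 pin, which lets a client refuse a module it has not been told to trust before storing it for execution, is a safeguard added here and not part of the described method.

```python
import hashlib
from typing import Dict, List, Optional, Set


def digest(body: bytes) -> str:
    """SHA-256 of a module body, used for change detection and optional pinning."""
    return hashlib.sha256(body).hexdigest()


class DistributionSite:
    """In-memory stand-in for the distribution site's API paths quoted in the text."""

    def __init__(self) -> None:
        self._updated: Dict[int, bytes] = {}

    def publish(self, number: int, body: bytes) -> None:
        self._updated[number] = body

    def get(self, path: str):
        parts = path.strip("/").split("/")
        if parts == ["updated"]:        # 1 = updated modules exist, 0 = none
            return 1 if self._updated else 0
        if parts == ["newkmods"]:       # information on all updated modules
            return sorted(self._updated)
        if len(parts) == 2 and parts[0] == "newkmods" and parts[1].isdigit():
            # Assumption: once fetched, a module is no longer reported as updated.
            return self._updated.pop(int(parts[1]), None)
        raise ValueError(f"unknown API path: {path}")


class LogServer:
    def __init__(self, site: DistributionSite) -> None:
        self.site = site
        self.warehouse: Dict[int, bytes] = {}   # local log warehouse
        self.marked: Set[int] = set()           # numbers marked by the distributor

    def pull(self) -> List[int]:
        """S310, first way: ask the site for updates and store what it returns."""
        if self.site.get("/updated/") != 1:
            return []
        numbers = self.site.get("/newkmods/")
        for n in numbers:
            self.warehouse[n] = self.site.get(f"/newkmods/{n}/")
            self.marked.add(n)
        return numbers

    def on_query(self) -> List[int]:
        """S320: answer a query instruction with the marked module numbers."""
        return sorted(self.marked)

    def on_fetch(self, number: int) -> Optional[bytes]:
        """S330/S340: answer a fetch instruction with the module itself."""
        return self.warehouse.get(number) if number in self.marked else None


class LogClient:
    def __init__(self, server: LogServer, pinned: Optional[Dict[int, str]] = None) -> None:
        self.server = server
        self.kmod_set: Dict[int, bytes] = {}    # local log knowledge module list
        self.pinned = pinned                    # added safeguard: {number: sha256 hex}

    def sync(self) -> Dict[str, List[int]]:
        result = {"added": [], "updated": [], "unchanged": [], "rejected": []}
        for n in self.server.on_query():
            body = self.server.on_fetch(n)
            untrusted = self.pinned is not None and (
                body is None or self.pinned.get(n) != digest(body))
            if body is None or untrusted:
                result["rejected"].append(n)    # never stored, so never executed
                continue
            old = self.kmod_set.get(n)
            if old is None:
                kind = "added"
            elif digest(old) != digest(body):
                kind = "updated"                # replaces the pre-modification module
            else:
                kind = "unchanged"
            self.kmod_set[n] = body
            result[kind].append(n)
        return result


def demo():
    """Constructed module bodies; no network access is involved."""
    site = DistributionSite()
    site.publish(101, b"kmod 101 v1")
    site.publish(102, b"kmod 102 v1")
    server = LogServer(site)
    client = LogClient(server)
    first_pull, first = server.pull(), client.sync()
    site.publish(101, b"kmod 101 v2")           # modified module
    site.publish(103, b"kmod 103 v1")           # newly added module
    second_pull, second = server.pull(), client.sync()
    strict = LogClient(server, pinned={101: digest(b"kmod 101 v2")})
    return first_pull, first, second_pull, second, strict.sync()


if __name__ == "__main__":
    for step in demo():
        print(step)
```
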
Optionally, in step S340, after the log client receives the log knowledge module returned by the log server, the module can be loaded by the log client's loader and then executed by the log client's execution component. Executing the log knowledge module may specifically include:
executing the log knowledge module periodically; and/or
executing the log knowledge module when the size of the log file exceeds a threshold.
That is, the log client can execute the log knowledge module periodically (that is, at a preset collection interval); or it can execute the log knowledge module when the size of the log file of the operating system or application system corresponding to the module exceeds a threshold; or it can execute the module when both conditions are met at the same time, for example by periodically checking whether the size of the corresponding log file exceeds the threshold and, if it does, executing the log knowledge module. Note that when there are multiple log knowledge modules, each of them can be executed in turn within one cycle according to a polling algorithm; alternatively, within one cycle, the client checks in turn whether the size of the log file corresponding to each log knowledge module exceeds the threshold, and executes the log knowledge modules whose log file size exceeds the threshold.
Further, executing the log knowledge module may also include:
executing the log knowledge module to parse the log file of the corresponding operating system or application system and obtain a parsing result;
according to the target parameter, collecting from the parsing result the parameter value of the parameter that matches the target parameter, and using that parameter value as the target content information of the log file.
When each of the at least one log knowledge module is executed, the log file is first obtained according to the location information, defined in the log knowledge module, of the log file of the corresponding operating system or application system. The log file is then parsed according to the operations defined in the log knowledge module, for example by parsing the character strings in the log file, to obtain a parsing result, which may include multiple parameters and parameter values. The log knowledge module can compare the target parameter with the parameters in the parsing result one by one and collect the parameter value of a parameter when the comparison matches. When there are multiple target parameters, the parameter values of multiple parameters can be collected and used as the target content information of the log file. In one specific implementation, a time identifier can also be added to the target content information.
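The execution step described here and under step S120 (visit the modules in turn, run the ones whose log file exceeds the threshold, parse, keep the values of the target parameters, attach a time identifier), as an added Python example that is not code from the patent. The `KnowledgeModule` fields, the key=value log format and the sample log lines are constructed assumptions.

```python
import os
import re
import tempfile
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


@dataclass
class KnowledgeModule:
    """Hypothetical stand-in for one log knowledge module (all fields are assumptions)."""
    number: int                              # module number handed out by the log server
    log_path: str                            # location of the log file the module covers
    parse: Callable[[str], Dict[str, str]]   # parsing operation defined by the module
    target_params: List[str]                 # target parameters whose values are collected
    size_threshold: int                      # bytes; run only when the file is larger


def parse_key_value(line: str) -> Dict[str, str]:
    """Constructed parser: a log line is a run of space-separated key=value pairs."""
    return dict(re.findall(r"(\w+)=(\S+)", line))


def execute_module(mod: KnowledgeModule, stamp: Optional[str] = None) -> List[dict]:
    """Parse the module's log file and keep only the target parameters' values."""
    stamp = stamp or time.strftime("%Y-%m-%dT%H:%M:%S")
    records = []
    with open(mod.log_path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            parsed = mod.parse(line)
            # Compare each target parameter with the parsed parameters one by one.
            hit = {p: parsed[p] for p in mod.target_params if p in parsed}
            if hit:  # lines that yield no target parameter are not sent
                records.append({"module": mod.number, "time_id": stamp, **hit})
    return records


def run_cycle(modules: List[KnowledgeModule], send: Callable[[dict], None],
              stamp: Optional[str] = None) -> List[int]:
    """One cycle: visit modules in turn, execute those whose log file exceeds the threshold."""
    executed = []
    for mod in modules:
        try:
            size = os.path.getsize(mod.log_path)
        except OSError:
            continue  # log file missing or unreadable: skip this module for this cycle
        if size > mod.size_threshold:
            for record in execute_module(mod, stamp):
                send(record)  # stands in for the message sent to the log server
            executed.append(mod.number)
    return executed


def demo():
    """Run one cycle over three modules and two constructed log files."""
    tmp = tempfile.mkdtemp()
    app_log = os.path.join(tmp, "app.log")
    os_log = os.path.join(tmp, "os.log")
    with open(app_log, "w", encoding="utf-8") as fh:
        fh.write("ts=2015-07-28T10:00:01 level=ERROR user=alice code=500 msg=timeout\n"
                 "garbled line without pairs\n"
                 "ts=2015-07-28T10:00:02 level=INFO user=bob code=200\n")
    with open(os_log, "w", encoding="utf-8") as fh:
        fh.write("ts=2015-07-28T10:00:03 unit=sshd result=failed\n")
    modules = [
        KnowledgeModule(101, app_log, parse_key_value, ["level", "code"], 64),
        KnowledgeModule(102, os_log, parse_key_value, ["result"], 4096),  # file too small
        KnowledgeModule(103, os.path.join(tmp, "missing.log"), parse_key_value, ["ts"], 0),
    ]
    sent: List[dict] = []
    executed = run_cycle(modules, sent.append, stamp="2015-07-28T10:05:00")
    return executed, sent


if __name__ == "__main__":
    print(demo())
```
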
S350: receive the target content information collected by the log client.
Referring to Fig. 2, after running the log knowledge module and collecting the target content information, the log client can send the target content information, or the target content information together with the time identifier, to the log server in the form of a message. After receiving the target content information, or the target content information and the time identifier, the log server can record it in a log database (e.g., a NoSQL database); it is then analyzed by the analyzer (Analyzer) and displayed by the log display module (LogView).
Note that when a new operating system or application system needs to be monitored or tracked, the log files of that new operating system or application system need to be collected, and therefore a log knowledge module corresponding to the new operating system or application system (e.g., NewApp.Kmod) needs to be written. Once the newly added log knowledge module has been written, it is compiled and published. Here, the newly added log knowledge module can be published directly on the log knowledge module distribution site or copied directly to a storage medium. The log server then obtains the newly added log knowledge module through the API functions that the log knowledge module distribution site provides externally, or copies it directly from the storage medium, stores the obtained module in its local log warehouse, and has the distributor mark the newly added log knowledge module.
When there is a marked log knowledge module (that is, a newly added log knowledge module) in the log server's local log warehouse, the log server, on receiving the query instruction sent by the log client, returns the number of the newly added log knowledge module to the log client. The log client obtains the newly added log knowledge module from the log server according to that number and stores it in the local log knowledge module list.
In addition, if the operating system or application system currently being monitored or tracked is upgraded (or its functions are updated), the corresponding log knowledge module needs to be rewritten (that is, modified), and compiled and published again. Here, the modified log knowledge module can be published directly on the log knowledge module distribution site or copied directly to a storage medium. The log server then obtains the modified log knowledge module through the API functions that the log knowledge module distribution site provides externally, or copies it directly from the storage medium, stores the obtained module in its local log warehouse, and has the distributor mark the modified log knowledge module.
When there is a marked log knowledge module (that is, a modified log knowledge module) in the log server's local log warehouse, the log server, on receiving the query instruction sent by the log client, returns the number of the modified log knowledge module to the log client. The log client obtains the modified log knowledge module from the log server according to that number and uses it to update the pre-modification log knowledge module stored in the local log knowledge module list.
As can be seen from the above, in the embodiment of the present invention, when a need arises to collect the log files of a new application system or operating system, it is only necessary to write and add a log knowledge module, without changing the code of the log client or the log server, which greatly improves the scalability and maintainability of the log collection method of the present invention. In addition, the log server of the present invention can update its local log knowledge modules in several ways, so it is applicable to a variety of network environments.
In the log collection method provided by this embodiment of the present invention, the log server obtains at least one log knowledge module; when it receives the query instruction sent by the log client, it returns the number of the log knowledge module to the log client; it receives the fetch instruction that the log client sends according to the number of the log knowledge module; according to the fetch instruction, it returns the log knowledge module to the log client, so that the log client executes the log knowledge module, parses the log file of the corresponding operating system or application system, and collects the target content information of the log file; and it receives the target content information collected by the log client. This improves the comprehensiveness and applicability of the collected information; the collection method is simple and can greatly improve collection efficiency.
Fig. 4 is a schematic diagram of the log collection apparatus provided by Embodiment 3 of the present invention. The apparatus can be used to perform the method shown in Fig. 1. In Fig. 4, the apparatus includes a reading unit 401, a collecting unit 402 and a transmission unit 403.
Reading unit 401 is configured to read at least one log knowledge module from the log knowledge module list.
Collecting unit 402 is configured to execute the log knowledge module read by reading unit 401, so as to parse the log file of the corresponding operating system or application system and collect the target content information of the log file.
Optionally, the log knowledge module includes one or more target parameters;
collecting unit 402 is specifically configured to:
execute the log knowledge module to parse the log file of the corresponding operating system or application system and obtain a parsing result;
according to the target parameter, collect from the parsing result the parameter value of the parameter that matches the target parameter, and use that parameter value as the target content information of the log file.
Optionally, collecting unit 402 is specifically configured to:
execute the log knowledge module periodically; and/or
execute the log knowledge module when the size of the log file exceeds a threshold.
Transmission unit 403 is configured to send the target content information collected by collecting unit 402 to the log server.
Optionally, the apparatus further includes an acquiring unit 404;
transmission unit 403 is further configured to send a query instruction to the log server, where the query instruction instructs the log server, when it determines that there is an updated log knowledge module, to return the number of the updated log knowledge module;
acquiring unit 404 is configured to obtain the updated log knowledge module from the log server according to the number of the updated log knowledge module.
Here, the updated log knowledge module at the log server is obtained by the log server from the log knowledge module distribution site by calling the site's application programming interface (API) functions; or,
the updated log knowledge module at the log server is obtained by the log server from a storage medium.
Optionally, the apparatus further includes a receiving unit 405;
transmission unit 403 is further configured to send, according to the IP address and listening port of the log server, a test message to the log server, which has opened the listening port and enabled listening mode;
receiving unit 405 is configured to receive the confirmation message that the log server sends according to the received test message.
The functions of the functional modules of the apparatus of this embodiment of the present invention can be implemented by the steps of the method embodiments above; therefore, the specific working process of the apparatus provided by the present invention is not repeated here.
In the log collection apparatus of this embodiment of the present invention, reading unit 401 reads at least one log knowledge module from the log knowledge module list; collecting unit 402 executes the log knowledge module to parse the log file of the corresponding operating system or application system and collect the target content information of the log file; and transmission unit 403 sends the collected target content information to the log server. This improves the comprehensiveness and applicability of the collected information; the collection method is simple and can greatly improve collection efficiency. In addition, the log collection apparatus of this embodiment is simple to install and deploy and widely applicable (it can be applied to both physical machines and virtual machines).
Fig. 5 is a schematic diagram of the log collection apparatus provided by Embodiment 4 of the present invention. The apparatus can be used to perform the method shown in Fig. 3. In Fig. 5, the apparatus includes an acquiring unit 501, a transmission unit 502 and a receiving unit 503.
Acquiring unit 501 is configured to obtain at least one log knowledge module.
Acquiring unit 501 is specifically configured to:
obtain at least one log knowledge module from the log knowledge module distribution site by calling the site's application programming interface (API) functions; or,
obtain at least one log knowledge module from a storage medium.
Transmission unit 502 is configured to return the number of the log knowledge module to the log client when the query instruction sent by the log client is received.
Receiving unit 503 is configured to receive the fetch instruction that the log client sends according to the number of the log knowledge module sent by transmission unit 502.
Transmission unit 502 is further configured to return the log knowledge module to the log client according to the fetch instruction received by receiving unit 503, so that the log client executes the log knowledge module, parses the log file of the corresponding operating system or application system, and collects the target content information of the log file.
Receiving unit 503 is further configured to receive the target content information collected by the log client.
Optionally, the apparatus further includes a start unit 504;
receiving unit 503 is further configured to receive a configuration instruction;
start unit 504 is configured to open the listening port and enable listening mode according to the configuration instruction received by receiving unit 503;
receiving unit 503 is further configured to receive the test message sent by the log client;
transmission unit 502 is further configured to return a confirmation message to the log client according to the test message.
The functions of the functional modules of the apparatus of this embodiment of the present invention can be implemented by the steps of the method embodiments above; therefore, the specific working process of the apparatus provided by the present invention is not repeated here.
In the log collection apparatus of this embodiment of the present invention, acquiring unit 501 obtains at least one log knowledge module; transmission unit 502 returns the number of the log knowledge module to the log client when the query instruction sent by the log client is received; receiving unit 503 receives the fetch instruction that the log client sends according to the number of the log knowledge module; transmission unit 502 returns the log knowledge module to the log client according to the fetch instruction, so that the log client executes the log knowledge module, parses the log file of the corresponding operating system or application system, and collects the target content information of the log file; and receiving unit 503 receives the target content information collected by the log client. This improves the comprehensiveness and applicability of the collected information; the collection method is simple and can greatly improve collection efficiency. In addition, the log collection apparatus of this embodiment is simple to install and deploy and widely applicable (it can be applied to both physical machines and virtual machines).
Fig. 6 is a schematic diagram of the log collection apparatus provided by Embodiment 5 of the present invention. As shown in Fig. 6, the apparatus includes a transmitter 601, a processor 602 and a bus 603, where transmitter 601 and processor 602 communicate through bus 603.
For example, processor 602 can be a CPU.
The apparatus may also include a communication interface 604, which is connected to processor 602 through bus 603 and is used to communicate with other devices.
The apparatus may also include a memory 605, which is also connected to processor 602 through system bus 603. Memory 605 can be persistent storage, such as a hard disk drive or flash memory, and holds software modules and device drivers. The software modules can perform the functions of the above method of the present invention; the device drivers can be network and interface drivers.
Processor 602 is configured to read at least one log knowledge module from the log knowledge module list.
Processor 602 is further configured to execute the log knowledge module, so as to parse the log file of the corresponding operating system or application system and collect the target content information of the log file.
Transmitter 601 is configured to send the collected target content information to the log server.
Optionally, the daily record knowledge module includes one or more target component;
Processor 602 is specifically used for:The daily record knowledge module is executed, to corresponding operating system or application system Journal file is parsed, and analysis result is obtained;
According to the target component, the parameter of the parameter consistent with the target component is acquired from the analysis result Value, using the parameter value of the parameter as the object content information of the journal file.
Optionally, the execution daily record knowledge module includes:
Periodically execute the daily record knowledge module;And/or
When the size of the journal file is more than threshold value, the daily record knowledge module is executed.
Optionally, transmitter 601 are additionally operable to send inquiry instruction to the log services end, and the inquiry instruction is used for The log services end is indicated when judging to have newer daily record knowledge module, is returned to the daily record client described newer The number of daily record knowledge module;
Processor 602 is additionally operable to the number according to the newer daily record knowledge module, is obtained from the log services end The newer daily record knowledge module.
Wherein, the newer daily record knowledge module at the log services end is by the log services end by calling daily record The application programming interface api function of knowledge module distribution site is obtained from the daily record knowledge module distribution site;Or Person,
The newer daily record knowledge module at the log services end is obtained from storage medium by the log services end 's.
Optionally, described device further includes:Receiver 606;
Transmitter 601 is additionally operable to IP address and listening port according to the log services end, to having opened the monitoring Port and the log services end transmission test post for opening listening mode;
Receiver 606 disappears for receiving the log services end according to the confirmation that the test post received is sent Breath.
The harvester of the daily record of the embodiment of the present invention, can improve the comprehensive and applicability of the information of acquisition, and adopt Set method is simple, can greatly improve the efficiency of acquisition.
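The client-side flow this embodiment describes (read a log knowledge module, parse the corresponding log file, keep only the target parameters, trigger on a period or a size threshold, fetch updated modules by number), as an added Python example that is not part of the patent. It assumes a module is declarative data (a line regex plus target parameter names) rather than code fetched from the server and run, and that the server reports as updated any module number the client lacks; all class and function names, the log format and the sample lines are constructed for illustration.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class LogKnowledgeModule:
    number: int               # number the log server reports for this module
    system: str               # the one OS or application system it corresponds to
    line_pattern: str         # regex; each named group is one parsed parameter
    target_parameters: tuple  # parameters whose values are to be collected

    def parse(self, log_text):
        """Parse the log text into one dict of parameters per matching line."""
        rx = re.compile(self.line_pattern)
        matches = (rx.fullmatch(line.strip()) for line in log_text.splitlines())
        return [m.groupdict() for m in matches if m]

    def collect(self, log_text):
        """Keep only the values of parameters that match the target parameters."""
        return [{p: rec[p] for p in self.target_parameters if p in rec}
                for rec in self.parse(log_text)]


def should_execute(now, last_run, period_s, log_size, size_threshold):
    """Run the module periodically and/or when the log file exceeds the threshold."""
    return (now - last_run) >= period_s or log_size > size_threshold


class LogServer:
    """In-memory stand-in for the log server (assumption: no real network I/O)."""

    def __init__(self, modules):
        self._modules = {m.number: m for m in modules}
        self.received = []

    def query(self, client_numbers):
        """Answer a query instruction with the numbers of modules the client lacks."""
        return sorted(set(self._modules) - set(client_numbers))

    def get(self, number):
        return self._modules[number]

    def submit(self, system, content):
        self.received.append((system, content))


def client_cycle(server, module_list, logs):
    """One client pass: fetch updated modules by number, run each, send results."""
    for number in server.query([m.number for m in module_list]):
        module_list.append(server.get(number))
    for module in module_list:
        text = logs.get(module.system)
        if text is not None:
            server.submit(module.system, module.collect(text))
    return module_list


# Constructed sample data: one module and a three-line application log.
APP_MODULE = LogKnowledgeModule(
    number=2, system="demo-app",
    line_pattern=r"(?P<time>\S+) level=(?P<level>\S+) user=(?P<user>\S+) "
                 r"result=(?P<result>\S+) src=(?P<src>\S+)",
    target_parameters=("time", "user", "result"),
)
SAMPLE_LOG = """\
2015-07-28T10:00:01 level=WARN user=alice result=fail src=192.0.2.10
-- log rotated --
2015-07-28T10:00:07 level=INFO user=bob result=ok src=192.0.2.11
"""

if __name__ == "__main__":
    server = LogServer([APP_MODULE])
    client_cycle(server, [], {"demo-app": SAMPLE_LOG})
    print(server.received)
```

Lines that do not match the module's pattern are skipped rather than forwarded, so only the target parameter values leave the client.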
Fig. 7 is a schematic diagram of the log collection apparatus provided by Embodiment 6 of the present invention. As shown in Fig. 7, the apparatus includes a receiver 701, a transmitter 702, a processor 703 and a bus 704, where the receiver 701, the transmitter 702 and the processor 703 communicate through the bus 704.
For example, the processor 703 may be a CPU.
The apparatus may also include a communication interface 705, which is connected to the processor 703 through the bus 704 and is used to communicate with other devices.
The apparatus may also include a memory 706, which is likewise connected to the processor 703 through the system bus 704. The memory 706 may be permanent storage, such as a hard disk drive or flash memory, and holds software modules and a device driver. The software modules can carry out the functional modules of the above method of the present invention; the device driver may be a network and interface driver.
The receiver 701 is configured to obtain at least one log knowledge module.
Optionally, the receiver 701 is specifically configured to: obtain at least one log knowledge module from the log knowledge module distribution site by calling an application programming interface (API) function of the log knowledge module distribution site; or,
obtain at least one log knowledge module from a storage medium.
The transmitter 702 is configured to return the number of the log knowledge module to the log client when a query instruction sent by the log client is received.
The receiver 701 is further configured to receive the acquisition instruction that the log client sends according to the number of the log knowledge module.
The transmitter 702 is further configured to return the log knowledge module to the log client according to the acquisition instruction, so that the log client executes the log knowledge module, parses the log file of the corresponding operating system or application system, and collects the target content information of the log file.
The transmitter 702 is further configured to receive the target content information collected by the log client.
Optionally, the receiver 701 is further configured to receive a configuration instruction;
The processor 703 is configured to open the listening port and enable listening mode according to the received configuration instruction;
The receiver 701 is further configured to receive the test message sent by the log client;
The transmitter 702 is further configured to return a confirmation message to the log client according to the test message.
The log collection apparatus of this embodiment of the present invention can improve the comprehensiveness and applicability of the collected information; the collection method is simple and can greatly improve collection efficiency.
Those skilled in the art should further appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of the two. To illustrate the interchangeability of hardware and software clearly, the composition and steps of each example have been described above in general terms according to their function. Whether these functions are implemented in hardware or software depends on the specific application and the design constraints of the technical solution. Those skilled in the art may use different methods to implement the described functions for each specific application, but such implementations should not be considered beyond the scope of the present invention.
The steps of the method or algorithm described in connection with the embodiments disclosed herein may be implemented in hardware, in a software module executed by a processor, or in a combination of the two. The software module may reside in random access memory (RAM), memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, a register, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the technical field.
The specific implementations described above explain the purpose, technical solution and beneficial effects of the present invention in further detail. It should be understood that the foregoing is merely the specific implementation of the present invention and is not intended to limit its scope of protection; any modification, equivalent substitution or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (18)

1. A log collection method, characterized in that the method comprises:
a log client reads at least one log knowledge module from a log knowledge module list, wherein each log knowledge module corresponds one-to-one to an operating system, or each log knowledge module corresponds one-to-one to an application system;
executing the log knowledge module, parsing the log file of the corresponding operating system or application system, and collecting the target content information of the log file;
sending the collected target content information to a log server.
2. The method according to claim 1, characterized in that the log knowledge module includes one or more target parameters;
the executing the log knowledge module, parsing the log file of the corresponding operating system or application system, and collecting the target content information of the log file comprises:
executing the log knowledge module and parsing the log file of the corresponding operating system or application system to obtain a parsing result;
according to the target parameters, collecting from the parsing result the parameter values of the parameters consistent with the target parameters, and using those parameter values as the target content information of the log file.
3. The method according to claim 1 or 2, characterized in that the executing the log knowledge module comprises:
periodically executing the log knowledge module; and/or
executing the log knowledge module when the size of the log file exceeds a threshold.
4. The method according to claim 3, characterized in that the method further comprises:
sending a query instruction to the log server, the query instruction instructing the log server, when it determines that an updated log knowledge module exists, to return the number of the updated log knowledge module to the log client;
obtaining the updated log knowledge module from the log server according to the number of the updated log knowledge module.
5. The method according to claim 4, characterized in that the updated log knowledge module at the log server is obtained by the log server from the log knowledge module distribution site by calling an application programming interface (API) function of the log knowledge module distribution site; or,
the updated log knowledge module at the log server is obtained by the log server from a storage medium.
6. The method according to claim 5, characterized in that, before the log client reads at least one log knowledge module from the log knowledge module list, the method further comprises:
sending, according to the IP address and listening port of the log server, a test message to the log server that has opened the listening port and enabled listening mode;
receiving the confirmation message that the log server sends according to the received test message.
7. A log collection method, characterized in that the method comprises:
a log server obtains at least one log knowledge module, wherein each log knowledge module corresponds one-to-one to an operating system, or each log knowledge module corresponds one-to-one to an application system;
when a query instruction sent by a log client is received, returning the number of the log knowledge module to the log client;
receiving the acquisition instruction that the log client sends according to the number of the log knowledge module;
according to the acquisition instruction, returning the log knowledge module to the log client, so that the log client executes the log knowledge module, parses the log file of the corresponding operating system or application system, and collects the target content information of the log file;
receiving the target content information collected by the log client.
8. The method according to claim 7, characterized in that the log server obtaining at least one log knowledge module comprises:
obtaining at least one log knowledge module from the log knowledge module distribution site by calling an application programming interface (API) function of the log knowledge module distribution site; or,
obtaining at least one log knowledge module from a storage medium.
9. The method according to claim 7 or 8, characterized in that, before the log server obtains at least one log knowledge module, the method further comprises:
the log server receives a configuration instruction and, according to the received configuration instruction, opens a listening port and enables listening mode;
receiving the test message sent by the log client;
returning a confirmation message to the log client according to the test message.
10. A log collection apparatus, characterized in that the apparatus comprises: a reading unit, a collecting unit and a transmission unit;
the reading unit is configured to read at least one log knowledge module from a log knowledge module list, wherein each log knowledge module corresponds one-to-one to an operating system, or each log knowledge module corresponds one-to-one to an application system;
the collecting unit is configured to execute the log knowledge module read by the reading unit, parse the log file of the corresponding operating system or application system, and collect the target content information of the log file;
the transmission unit is configured to send the target content information collected by the collecting unit to a log server.
11. The apparatus according to claim 10, characterized in that the log knowledge module includes one or more target parameters;
the collecting unit is specifically configured to:
execute the log knowledge module and parse the log file of the corresponding operating system or application system to obtain a parsing result;
according to the target parameters, collect from the parsing result the parameter values of the parameters consistent with the target parameters, and use those parameter values as the target content information of the log file.
12. The apparatus according to claim 10 or 11, characterized in that the collecting unit is specifically configured to:
periodically execute the log knowledge module; and/or
execute the log knowledge module when the size of the log file exceeds a threshold.
13. The apparatus according to claim 12, characterized in that the apparatus further comprises: an acquiring unit;
the transmission unit is further configured to send a query instruction to the log server, the query instruction instructing the log server, when it determines that an updated log knowledge module exists, to return the number of the updated log knowledge module;
the acquiring unit is configured to obtain the updated log knowledge module from the log server according to the number of the updated log knowledge module.
14. The apparatus according to claim 13, characterized in that the updated log knowledge module at the log server is obtained by the log server from the log knowledge module distribution site by calling an application programming interface (API) function of the log knowledge module distribution site; or,
the updated log knowledge module at the log server is obtained by the log server from a storage medium.
15. The apparatus according to claim 14, characterized in that the apparatus further comprises: a receiving unit;
the transmission unit is further configured to send, according to the IP address and listening port of the log server, a test message to the log server that has opened the listening port and enabled listening mode;
the receiving unit is configured to receive the confirmation message that the log server sends according to the received test message.
16. A log collection apparatus, characterized in that the apparatus comprises: an acquiring unit, a transmission unit and a receiving unit;
the acquiring unit is configured to obtain at least one log knowledge module, wherein each log knowledge module corresponds one-to-one to an operating system, or each log knowledge module corresponds one-to-one to an application system;
the transmission unit is configured to return the number of the log knowledge module to a log client when a query instruction sent by the log client is received;
the receiving unit is configured to receive the acquisition instruction that the log client sends according to the number of the log knowledge module sent by the transmission unit;
the transmission unit is further configured to return the log knowledge module to the log client according to the acquisition instruction received by the receiving unit, so that the log client executes the log knowledge module, parses the log file of the corresponding operating system or application system, and collects the target content information of the log file;
the receiving unit is further configured to receive the target content information collected by the log client.
17. The apparatus according to claim 16, characterized in that the acquiring unit is specifically configured to:
obtain at least one log knowledge module from the log knowledge module distribution site by calling an application programming interface (API) function of the log knowledge module distribution site; or,
obtain at least one log knowledge module from a storage medium.
18. The apparatus according to claim 16 or 17, characterized in that the apparatus further comprises: a start unit;
the receiving unit is further configured to receive a configuration instruction;
the start unit is configured to open a listening port and enable listening mode according to the configuration instruction received by the receiving unit;
the receiving unit is further configured to receive the test message sent by the log client;
the transmission unit is further configured to return a confirmation message to the log client according to the test message.
CN201510451557.1A 2015-07-28 2015-07-28 A kind of acquisition method and device of daily record Active CN105141448B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510451557.1A CN105141448B (en) 2015-07-28 2015-07-28 A kind of acquisition method and device of daily record

Publications (2)

Publication Number Publication Date
CN105141448A CN105141448A (en) 2015-12-09
CN105141448B true CN105141448B (en) 2018-10-02

Family

ID=54726666

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510451557.1A Active CN105141448B (en) 2015-07-28 2015-07-28 A kind of acquisition method and device of daily record

Country Status (1)

Country Link
CN (1) CN105141448B (en)

Also Published As

Publication number Publication date
CN105141448A (en) 2015-12-09

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20200417

Address after: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen

Patentee after: HUAWEI TECHNOLOGIES Co.,Ltd.

Address before: Room 301, building a, building 3, No. 301, Binxing Road, Binjiang District, Shenzhen City, Guangdong Province

Patentee before: Hangzhou Huawei Digital Technology Co.,Ltd.

TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20220210

Address after: 550025 Huawei cloud data center, jiaoxinggong Road, Qianzhong Avenue, Gui'an New District, Guiyang City, Guizhou Province

Patentee after: Huawei Cloud Computing Technologies Co.,Ltd.

Address before: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen

Patentee before: HUAWEI TECHNOLOGIES Co.,Ltd.

TR01 Transfer of patent right