CN105553743B - Obtain method, system, first network equipment and the third network equipment of log - Google Patents

Obtain method, system, first network equipment and the third network equipment of log Download PDF

Info

Publication number
CN105553743B
CN105553743B CN201511026295.0A CN201511026295A CN105553743B CN 105553743 B CN105553743 B CN 105553743B CN 201511026295 A CN201511026295 A CN 201511026295A CN 105553743 B CN105553743 B CN 105553743B
Authority
CN
China
Prior art keywords
network equipment
log
backup
network
instruction
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201511026295.0A
Other languages
Chinese (zh)
Other versions
CN105553743A (en
Inventor
吴崇武
肖春亮
陈鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nsfocus Technologies Inc
Nsfocus Technologies Group Co Ltd
Original Assignee
NSFOCUS Information Technology Co Ltd
Beijing NSFocus Information Security Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by NSFOCUS Information Technology Co Ltd, Beijing NSFocus Information Security Technology Co Ltd filed Critical NSFOCUS Information Technology Co Ltd
Priority to CN201511026295.0A priority Critical patent/CN105553743B/en
Publication of CN105553743A publication Critical patent/CN105553743A/en
Application granted granted Critical
Publication of CN105553743B publication Critical patent/CN105553743B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06Management of faults, events, alarms or notifications
    • H04L41/0677Localisation of faults
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/02Capturing of monitoring data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a kind of methods for obtaining log, system, the third network equipment and first network equipment, it include: a kind of system for obtaining log, it is characterized in that, including first network equipment, second network equipment and the third network equipment, wherein, second network equipment sends early warning information, the first network equipment, receive the early warning information that second network equipment is sent, the first network equipment sends Log backup instruction to the third network equipment, the third network equipment receives the Log backup instruction that first network equipment is sent, when determining that the Log backup instruction meets the requirements, it is instructed according to the Log backup, backup log;The backup log is sent to the first network equipment by the third network equipment;The first network equipment receives the backup log that the third network equipment is sent, and for improving the efficiency for obtaining log, realizes to the positioning analysis of failure, improves efficiency.

Description

Obtain method, system, first network equipment and the third network equipment of log
Technical field
The present invention relates to fields of communication technology, more particularly, to a kind of method, system, first network equipment for obtaining log And the third network equipment.
Background technique
In field of computer technology, as the communication technology continues to develop, the network equipment is continuously increased, and is needed in many cases The network equipment is debugged, the reason of to determine exception of network traffic, to guarantee that user can normally access network.
Under normal circumstances, the network equipment in the process of running, can be monitored the network equipment of the operation, the knot of monitoring Fruit can pass through log recording corresponding with the network equipment of the operation.In log, the network equipment of the operation can recorde Operating status and record the network flow of network, corresponding log recording time.It is subsequent can be by dividing log Analysis, the network where realizing the failure cause that the network equipment is debugged, determined to the network equipment or determining the network equipment go out Now abnormal reason.
But the memory space of the network equipment is limited, and has randomness when the network equipment of operation is abnormal, this It is possible to exist when the network equipment of operation occurs abnormal, the network equipment of the operation can correspond to a large amount of logs, to correlation When log is analyzed, log quantity to be analyzed is relatively more, needs to be screened in numerous logs, be unfavorable for more Log required for quickly determining in log, in addition, determining log relevant to abnormality in a large amount of logs, efficiency compares It is low.
Summary of the invention
The present invention provides a kind of method, system, first network equipment and third network equipments for obtaining log, for mentioning Height obtains the efficiency of log, and then realizes to the positioning analysis of failure, improves efficiency.
A kind of system obtaining log, including first network equipment, second network equipment and the third network equipment, it is described Second network equipment is used to monitor the operating status of the third network equipment;And/or flow through the network flow of the third network equipment Amount;Wherein, second network equipment sends early warning information, wherein the early warning information is that second network equipment is being determined to supervise The early warning that the network flow for flowing through the third network equipment of control issues when occurring abnormal;The first network equipment, described in reception The early warning information that second network equipment is sent, the first network equipment send Log backup instruction, institute to the third network equipment Log backup instruction is stated for notifying the third network equipment to back up log corresponding with the third network equipment;The third network is set The standby Log backup instruction for receiving first network equipment and sending, when determining that the Log backup instruction meets the requirements, according to The Log backup instruction, backup log;The backup log is sent to the first network and set by the third network equipment It is standby;The first network equipment receives the backup log that the third network equipment is sent.
The first network equipment is also used to send log recording instruction to the third network equipment, wherein the log note Record instruction is that the instruction third network equipment records log corresponding with the third network equipment;The third network equipment receives The log recording instruction that the first network equipment is sent, the third network equipment instruct record day according to the log recording Will.
A method of obtaining log, comprising: first network equipment disappears in the early warning for receiving the transmission of second network equipment When breath, the first network equipment sends Log backup instruction to the third network equipment, wherein the early warning information is the second net The early warning that network equipment is issued when the network flow for flowing through the third network equipment for determining monitoring occurs abnormal, the log are standby Part instruction is for notifying the third network equipment to back up log corresponding with the third network equipment, and second network equipment is for supervising Control the operating status of the third network equipment;And/or flow through the network flow of the third network equipment;The first network equipment Receive the backup log that the third network equipment is sent.
It is included at least in the Log backup instruction one of following: the BACKUP TIME of log to be backed up;It is to be backed up Log backup format;The backup address of log to be backed up.
Before the early warning information that first network equipment receives the transmission of second network equipment, further includes: first net Network equipment sends log recording instruction to the third network equipment, wherein the log recording instruction is the instruction third network equipment Record log corresponding with the third network equipment.
A method of obtaining log, comprising: the third network equipment receives the Log backup that first network equipment is sent and refers to It enables, wherein Log backup instruction is for notifying the third network equipment to back up log corresponding with the third network equipment, it is described Second network equipment is used to monitor the operating status of the third network equipment, and/or flows through the network flow of the third network equipment Amount;The third network equipment is instructed when determining that the Log backup instruction meets the requirements according to the Log backup, standby Part log;The backup log is sent to the first network equipment by the third network equipment.
Before the Log backup instruction that the third network equipment receives that first network equipment is sent, further includes: the third The network equipment receives the log recording instruction that the first network equipment is sent;The third network equipment is remembered according to the log Record instruction record log.
A kind of first network equipment, comprising: receiving module, for receiving the early warning information of second network equipment transmission, institute Stating early warning information is second network equipment hair when the network flow for flowing through the third network equipment for determining monitoring occurs abnormal Early warning out;Sending module, for being sent to the third network equipment when receiving the early warning information of second network equipment transmission Log backup instruction, wherein Log backup instruction is corresponding with the third network equipment for notifying the backup of the third network equipment Log, second network equipment are used to monitor the operating status of the third network equipment, and/or flow through the third network equipment Network flow;The receiving module is also used to receive the backup log that the third network equipment is sent.
It is included at least in the Log backup instruction that the sending module is sent one of following:
The BACKUP TIME of log to be backed up;
The backup format of log to be backed up;
The backup address of log to be backed up.
The sending module is also used to send log recording instruction to the third network equipment, wherein the log recording refers to Order is that the instruction third network equipment records log corresponding with the third network equipment.
A kind of third network equipment, comprising:
Receiving module, for receiving the Log backup instruction of first network equipment transmission, wherein the Log backup instructs For notifying the third network equipment to back up log corresponding with the third network equipment, second network equipment is described for monitoring The operating status of the third network equipment, and/or flow through the network flow of the third network equipment;Memory module, for determining When the Log backup instruction meets the requirements, instructed according to the Log backup, backup log;Sending module, being used for will be described Backup log is sent to the first network equipment.
The receiving module is also used to receive the log recording instruction that the first network equipment is sent;The storage mould Block is also used to instruct record log according to the log recording.
Through the above technical solutions, being disappeared by first network equipment in the early warning for receiving the transmission of second network equipment When breath, first network equipment sends Log backup instruction to the third network equipment, and first network equipment receives the third network equipment The backup log of transmission obtains corresponding log in time, does not need so as to realize when the third network equipment breaks down It is screened, and then is realized to the positioning analysis of failure in the log of magnanimity, improved efficiency.
Detailed description of the invention
Fig. 1 is the system structure composition schematic diagram of the acquisition log of proposition in the embodiment of the present invention;
Fig. 2 is one of the method flow diagram of the acquisition log of proposition in the embodiment of the present invention;
Fig. 3 is in the embodiment of the present invention the two of the method flow diagram of the acquisition log of proposition;
Fig. 4 is the first network device structure composition schematic diagram of proposition in the embodiment of the present invention;
Fig. 5 is the third network equipment infrastructure composition schematic diagram of proposition in the embodiment of the present invention.
Specific embodiment
By first network equipment when receiving the early warning information of second network equipment transmission, first network equipment Log backup instruction is sent to the third network equipment, first network equipment receives the backup log that the third network equipment is sent, from And may be implemented to obtain corresponding log in time when the third network equipment occurs abnormal, do not need in the log of magnanimity into Row screening, and then realize to the positioning analysis of abnormal conditions, it improves efficiency.
In the technical solution for the acquisition log that the embodiment of the present invention proposes, for convenient for illustrating, the network equipment is made first The differentiation of the network equipment, second network equipment and the third network equipment, wherein first network equipment, second network equipment and The third network equipment can be, but not limited to be single network equipment, can also be the net with identical function attribute respectively Network device clusters.First network equipment is for controlling log, being obtained.First network equipment can be one and independently set Service equipment in a network is set, a module being also possible in the integrated network equipments other in a network.Second network is set It is ready for use on and the operating status of the third network equipment is monitored.Second network equipment can be one and be independently arranged in a network Service equipment, be also possible to a module of the integrated network equipments other in a network.Second network equipment can monitor The operating status of three network equipments, and/or monitoring flow through the network flow of the third network equipment.The third network equipment can be net Any network equipment run in network, be also possible to the Network Security Device run in network, such as firewall, routing device with And other relayings etc..
In the technical solution that the embodiment of the present invention proposes, set with first network equipment, second network equipment and third network Standby be described in detail for the independent network equipment.
Below in conjunction with each attached drawing to the main realization principle of technical solution of the embodiment of the present invention, specific embodiment and Its beneficial effect corresponding to reach is set forth.
The embodiment of the present invention proposes a kind of system for obtaining log, including at least one first network equipment.At least one Second network equipment and at least one third network equipment.
Wherein, within the system, it is connected between first network equipment and second network equipment by TCP, UDP, Huo Zhe Between one network equipment and second network equipment first network can also be used for transmission by wired or wirelessly double hit Data between equipment and second network equipment.It can be by wired or wireless between second network equipment and the third network equipment Mode connect, second network equipment is monitored the operating status of the third network equipment, and/or monitoring flow through third net The network flow of network equipment.Can be between second network equipment and the third network equipment it is one-to-one be monitored, can also be with It is one-to-many or the mode of many-one, multi-to-multi.
Engine key point in a network can be set in first network equipment, and each third network equipment institute is right in collection network The log information answered.The log of the case where in view of multi-process, record can individually establish single log text according to process number Part can preferably solve the problems, such as that same file synchronizes caused log and loses in this way.First network equipment can also be to The third network equipment send control command, such as control the third network equipment whether record log and logging level, log text Part size and number etc..
Based on system architecture shown in FIG. 1, the embodiment of the present invention proposes a kind of method for obtaining log, as shown in Fig. 2, its Specific process flow is for example following:
Step 21, second network equipment is monitored the third network equipment.
It can be connected by wired or wireless mode between second network equipment and the third network equipment, the second network is set It is standby that the operating status of the third network equipment is monitored, and/or monitor the network flow for flowing through the third network equipment.Second Can be between the network equipment and the third network equipment it is one-to-one be monitored, be also possible to one-to-many or many-one, multipair More modes.Specific restriction is not done herein.
In the technical solution that the embodiment of the present invention proposes, the network of the third network equipment is flowed through with the monitoring of second network equipment It is described in detail for flow.
Step 22, second network equipment sends early warning information to first network equipment.
Wherein early warning information is that second network equipment is measured in the network flow for flowing through the third network equipment for determining monitoring The early warning issued when now abnormal.
If the network flow for flowing through the third network equipment occurs abnormal, which is likely to occur failure, There is congestion in network flow either where the third network equipment, needs to debug the third network equipment, to protect It is normal to demonstrate,prove network.
It by second network equipment is described in detail for personal PC machine, the third network equipment are firewalls.In Fig. 1 institute In the network architecture shown, second network equipment is required to pass through firewall by being connected to internet, the data of transmission.Second net Network equipment is monitored the operating status and network flow of firewall.When second network equipment accesses network, there is certain When the obstructed situation in a port, it is assumed that failure cause is that the connection between firewall disconnects at this time, or can not ping Logical, second network equipment sends early warning information to first network equipment.
When the network flow for flowing through second network equipment is greater than a certain setting value, second network equipment is set to first network Preparation send early warning information, or when the network flow for flowing through second network equipment is less than a certain setting value, second network equipment Early warning information is sent to first network equipment.That is, the monitoring of second network equipment flows through the network flow of the third network equipment Amount, network flow is excessive or very few suddenly, then it is abnormal to illustrate that the third network equipment occurs.
The third network equipment occurs abnormal, it is also possible to which the third network equipment breaks down, and can also be that third network is set Whether there are new file generated, data-base content the anomalous events such as whether to change in standby.
It may include the mark of the third network equipment in early warning information.
Step 23, first network equipment receives the early warning information that second network equipment is sent.
Step 24, first network equipment sends Log backup instruction to the third network equipment.
Wherein Log backup instruction is for notifying the third network equipment to back up log corresponding with the third network equipment.
First network equipment can send Log backup instruction to multiple third network equipments.
Step 25, the third network equipment receives Log backup instruction.
Wherein, comprising at least one of following in Log backup instruction:
A: the BACKUP TIME of log to be backed up.
In the BACKUP TIME of log to be backed up, initial time, the end time of log to be backed up may include.
B: the backup format of log to be backed up.
What format is the backup format of log to be backed up may include Log backup into, such as can back up as doc Format, txt text formatting, compressed format etc..
The backup format of log to be backed up, can also be comprising backing up date of what format, such as txt text formatting Log.
C: the backup address of log to be backed up.
It may include the log backed up in what address in the backup address of log to be backed up.
D: the mark of log to be backed up.
The mark of log to be backed up can be the mark of the third network equipment, i.e. the mark of log passes through its corresponding net The mark of network equipment indicates.
Step 26, the third network equipment determines whether the Log backup received instruction meets the requirements, if it is judged that It is yes, execution step 27, otherwise ends processing.
Step 27, when determining that Log backup instruction meets the requirements, the third network equipment is instructed according to Log backup, standby Part log.
Step 28, backup log is sent to first network equipment by the third network equipment.
Step 29, first network equipment receives the backup log that the third network equipment is sent.
Optionally, as shown in figure 3, before above-mentioned steps 21, can also include:
Step 30, first network equipment sends control command to the third network equipment.
First network equipment sends control command to the third network equipment, such as whether the control third network equipment records day Will and logging level, log file size and number etc..
The control command can also be that log recording instructs.
Wherein, log recording instruction is that the instruction third network equipment records log corresponding with the third network equipment.
The mark that may include the third network equipment in log recording instruction, can also include log record, day Will records time etc..
Step 31, the third network equipment receives the log recording instruction that first network equipment is sent.
Step 32, the third network equipment instructs record log according to log recording.
After above-mentioned steps 32, can also include:
Step 33, the third network equipment judges whether the log of record is more than pre-set file size, if it is determined that As a result it is yes, execution step 34, otherwise ends processing.
Step 34, the log of record is more than pre-set file size, according to recently at most for using algorithm, deletion is deposited Store up time longest log.
According to recently at most for using algorithm, the deletion longest log of storage time can preferably realize log rotation.
Correspondingly, the embodiment of the present invention also proposes a kind of first network equipment, as shown in figure 4, its structure composition is for example following:
Receiving module 401, for receiving the early warning information of second network equipment transmission, the early warning information is the second network The early warning that equipment is issued when the network flow for flowing through the third network equipment for determining monitoring occurs abnormal.
Sending module 402, for being sent out to the third network equipment when receiving the early warning information of second network equipment transmission Log backup is sent to instruct, wherein Log backup instruction is corresponding with the third network equipment for notifying the backup of the third network equipment Log, second network equipment is used to monitor the operating status of the third network equipment, and/or flows through third network and set Standby network flow.
The receiving module 401 is also used to receive the backup log that the third network equipment is sent.
Specifically, it is included at least in the Log backup instruction that above-mentioned sending module 402 is sent one of following:
The BACKUP TIME of log to be backed up;
The backup format of log to be backed up;
The backup address of log to be backed up.
Wherein, above-mentioned sending module 402 is also used to send log recording instruction to the third network equipment, wherein the day Will recording instruction is that the instruction third network equipment records log corresponding with the third network equipment.
Correspondingly, the embodiment of the present invention also proposes a kind of third network equipment, as shown in figure 5, its structure composition is specifically such as It is following to include:
Receiving module 501, for receiving the Log backup instruction of first network equipment transmission, wherein the Log backup refers to It enables for notifying the third network equipment to back up log corresponding with the third network equipment, second network equipment is for monitoring institute The operating status of the third network equipment is stated, and/or flows through the network flow of the third network equipment;
Memory module 502, for referring to according to the Log backup when determining that the Log backup instruction meets the requirements It enables, backup log.
Sending module 503, for the backup log to be sent to the first network equipment.
Optionally, the receiving module is also used to receive the log recording instruction that the first network equipment is sent;It is described Memory module is also used to instruct record log according to the log recording.
It will be understood by those skilled in the art that the embodiment of the present invention can provide as method, apparatus (equipment) or computer Program product.Therefore, in terms of the present invention can be used complete hardware embodiment, complete software embodiment or combine software and hardware Embodiment form.Moreover, it wherein includes the meter of computer usable program code that the present invention, which can be used in one or more, The computer implemented in calculation machine usable storage medium (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.) The form of program product.
The present invention be referring to according to the method for the embodiment of the present invention, the flow chart of device (equipment) and computer program product And/or block diagram describes.It should be understood that each process in flowchart and/or the block diagram can be realized by computer program instructions And/or the combination of the process and/or box in box and flowchart and/or the block diagram.It can provide these computer programs to refer to Enable the processor of general purpose computer, special purpose computer, Embedded Processor or other programmable data processing devices to generate One machine so that by the instruction that the processor of computer or other programmable data processing devices executes generate for realizing The device for the function of being specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions, which may also be stored in, is able to guide computer or other programmable data processing devices with spy Determine in the computer-readable memory that mode works, so that it includes referring to that instruction stored in the computer readable memory, which generates, Enable the manufacture of device, the command device realize in one box of one or more flows of the flowchart and/or block diagram or The function of being specified in multiple boxes.
These computer program instructions also can be loaded onto a computer or other programmable data processing device, so that counting Series of operation steps are executed on calculation machine or other programmable devices to generate computer implemented processing, thus in computer or The instruction executed on other programmable devices is provided for realizing in one or more flows of the flowchart and/or block diagram one The step of function of being specified in a box or multiple boxes.
Although preferred embodiments of the present invention have been described, it is created once a person skilled in the art knows basic Property concept, then additional changes and modifications may be made to these embodiments.So it includes excellent that the following claims are intended to be interpreted as It selects embodiment and falls into all change and modification of the scope of the invention.
Obviously, various changes and modifications can be made to the invention without departing from essence of the invention by those skilled in the art Mind and range.In this way, if these modifications and changes of the present invention belongs to the range of the claims in the present invention and its equivalent technologies Within, then the present invention is also intended to include these modifications and variations.

Claims (5)

1. a kind of system for obtaining log, which is characterized in that including first network equipment, second network equipment and third network Equipment, second network equipment are used to monitor the operating status of the third network equipment;And/or flow through the third network equipment Network flow;
Wherein, second network equipment sends early warning information, wherein the early warning information is that second network equipment is being determined The early warning that the network flow for flowing through the third network equipment of monitoring issues when occurring abnormal;
The first network equipment, receives the early warning information that second network equipment is sent, and the first network equipment is to the Three network equipments send Log backup instruction, and the Log backup instruction is for notifying the backup of the third network equipment and third network The corresponding log of equipment;
The third network equipment receives the Log backup instruction that first network equipment is sent, and is determining that the Log backup refers to When order meets the requirements, instructed according to the Log backup, backup log;The third network equipment sends the backup log To the first network equipment;
The first network equipment receives the backup log that the third network equipment is sent;
The first network equipment is also used to send log recording instruction to the third network equipment, wherein the log recording refers to Order is that the instruction third network equipment records log corresponding with the third network equipment;
The third network equipment receives the log recording instruction that the first network equipment is sent, and the third network equipment is pressed Record log is instructed according to the log recording, if the log of record is more than pre-set file size, according to recently at most Algorithm is not used, deletes the longest log of storage time;
The first network equipment is also used to send control command to the third network equipment, and the control command is described for controlling The third network equipment whether record log, logging level, log size and number, log individually establishes single according to process number A journal file.
2. a kind of method for obtaining log characterized by comprising
For first network equipment when receiving the early warning information of second network equipment transmission, the first network equipment is to third net Network equipment sends Log backup instruction, wherein the early warning information, which is second network equipment, flows through third net determine monitoring The early warning that the network flow of network equipment issues when occurring abnormal, the Log backup instruction is for notifying the third network equipment to back up Log corresponding with the third network equipment, second network equipment are used to monitor the operating status of the third network equipment; And/or flow through the network flow of the third network equipment;
The first network equipment receives the backup log that the third network equipment is sent;
Wherein, before the early warning information that first network equipment receives the transmission of second network equipment, further includes:
The first network equipment sends log recording instruction to the third network equipment, wherein the log recording instruction refers to Show that the third network equipment records corresponding with third network equipment log, and if record log more than pre-set File size deletes the longest log of storage time then according to algorithm is not used at most recently;The first network equipment is to Three network equipments send control command, the control command for control the third network equipment whether record log, log Grade, log size and number, log individually establish individual log file according to process number.
3. a kind of method for obtaining log characterized by comprising
The third network equipment receives the day that first network equipment is sent when receiving the early warning information of second network equipment transmission Will backup instruction, wherein Log backup instruction is for notifying the third network equipment to back up day corresponding with the third network equipment Will, second network equipment are used to monitor the operating status of the third network equipment, and/or flow through the third network equipment Network flow;
The third network equipment is instructed when determining that the Log backup instruction meets the requirements according to the Log backup, Backup log;
The backup log is sent to the first network equipment by the third network equipment;
Wherein, before the Log backup instruction that the third network equipment receives that first network equipment is sent, further includes:
The third network equipment receives the log recording instruction that the first network equipment is sent;The third network equipment is pressed Record log is instructed according to the log recording, if the log of record is more than pre-set file size, according to recently at most Algorithm is not used, deletes the longest log of storage time;The third network equipment receives what the first network equipment was sent Control command, the control command for control the third network equipment whether record log, logging level, log size with And number, log individually establish individual log file according to process number.
4. a kind of first network equipment characterized by comprising
Receiving module, for receiving the early warning information of second network equipment transmission, the early warning information is that second network equipment exists Determine the early warning issued when the network flow for flowing through the third network equipment of monitoring occurs abnormal;
Sending module, for sending log to the third network equipment when receiving the early warning information of second network equipment transmission Backup instruction, wherein Log backup instruction is for notifying the third network equipment to back up day corresponding with the third network equipment Will, second network equipment are used to monitor the operating status of the third network equipment, and/or flow through the third network equipment Network flow;
The receiving module is also used to receive the backup log that the third network equipment is sent;
Wherein, the sending module is also used to send log recording instruction to the third network equipment, wherein the log Recording instruction is that the instruction third network equipment records corresponding with third network equipment log, and if the log of record surpass Pre-set file size is crossed, then according to algorithm is not used at most recently, deletes the longest log of storage time;Be also used to The third network equipment send control command, the control command for control the third network equipment whether record log, day Will grade, log size and number, log individually establish individual log file according to process number.
5. a kind of third network equipment characterized by comprising
Receiving module, the day sent for receiving first network equipment when receiving the early warning information of second network equipment transmission Will backup instruction, wherein Log backup instruction is for notifying the third network equipment to back up day corresponding with the third network equipment Will, second network equipment are used to monitor the operating status of the third network equipment, and/or flow through the third network equipment Network flow;
Memory module, for being instructed according to the Log backup, backup when determining that the Log backup instruction meets the requirements Log;
Sending module, for the backup log to be sent to the first network equipment;
The receiving module is also used to receive the log recording instruction that the first network equipment is sent;It is also used to receive described First network equipment send control command, the control command for control the third network equipment whether record log, Logging level, log size and number, log individually establish individual log file according to process number;
The memory module is also used to instruct record log according to the log recording, if the log of record is more than to preset File size, then according to recently at most be not used algorithm, delete the longest log of storage time.
CN201511026295.0A 2015-12-30 2015-12-30 Obtain method, system, first network equipment and the third network equipment of log Active CN105553743B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201511026295.0A CN105553743B (en) 2015-12-30 2015-12-30 Obtain method, system, first network equipment and the third network equipment of log

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201511026295.0A CN105553743B (en) 2015-12-30 2015-12-30 Obtain method, system, first network equipment and the third network equipment of log

Publications (2)

Publication Number Publication Date
CN105553743A CN105553743A (en) 2016-05-04
CN105553743B true CN105553743B (en) 2019-07-02

Family

ID=55832683

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201511026295.0A Active CN105553743B (en) 2015-12-30 2015-12-30 Obtain method, system, first network equipment and the third network equipment of log

Country Status (1)

Country Link
CN (1) CN105553743B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107070706A (en) * 2017-03-24 2017-08-18 中国联合网络通信集团有限公司 Log processing method and device based on Service-Oriented Architecture Based
CN109039676B (en) * 2017-06-08 2021-09-10 中国移动通信有限公司研究院 Network fault diagnosis method and device and computer readable storage medium
CN108259241A (en) * 2018-01-11 2018-07-06 上海有云信息技术有限公司 A kind of abnormal localization method and device of cloud platform monitoring system
CN110190992A (en) * 2019-05-21 2019-08-30 上海连尚网络科技有限公司 A kind of monitoring method and routing device of failure
CN112422328B (en) * 2020-11-03 2023-05-09 深圳市广和通无线股份有限公司 Log acquisition method, device, computer equipment and storage medium

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP5138322B2 (en) * 2007-09-14 2013-02-06 東京エレクトロン株式会社 Processing system control apparatus, processing system control method, and storage medium storing control program
CN101286888B (en) * 2008-05-21 2010-08-11 天柏宽带网络科技(北京)有限公司 Operating method of log system
CN102307115A (en) * 2011-09-21 2012-01-04 大唐移动通信设备有限公司 Method and device for recovering fault entity
CN103532943A (en) * 2013-10-08 2014-01-22 北京神州绿盟信息安全科技股份有限公司 Web application firewall device and asynchronous security protection log processing method
CN103795577A (en) * 2014-03-03 2014-05-14 网神信息技术(北京)股份有限公司 Log processing method and device of log server

Also Published As

Publication number Publication date
CN105553743A (en) 2016-05-04

Similar Documents

Publication Publication Date Title
CN105553743B (en) Obtain method, system, first network equipment and the third network equipment of log
CN105959144A (en) Safety data acquisition and anomaly detection method and system facing industrial control network
CN103812699A (en) Monitoring management system based on cloud computing
CN107295021B (en) Security detection method and system of host based on centralized management
CN106817243A (en) Management system and management method for server resources
CN110300100A (en) The association analysis method and system of log audit
US20080104248A1 (en) Computer system and method for monitoring performance of the computer system
US20140089477A1 (en) System and method for monitoring storage machines
CN105897501A (en) Data monitoring method and device
CN103905255A (en) Remote automatic alarm system and method for internal hardware operation faults of servers
CN106656640A (en) Early warning method and device of network attack
JP2007013590A (en) Network monitoring system, network monitoring device and program
CN105119737A (en) Method for monitoring Ceph cluster through Zabbix
CN111200526A (en) Monitoring system and method of network equipment
CN107317708B (en) Monitoring method and device for court business application system
CN108073499A (en) The test method and device of application program
CN113938306B (en) Trusted authentication method and system based on data cleaning rule
CN108092849A (en) Business datum monitoring method, apparatus and system
CN110381047A (en) A kind of method, server and the system of the tracking of network attack face
JP6233414B2 (en) Information processing apparatus, filtering system, filtering method, and filtering program
KR20160087187A (en) Cyber blackbox system and method thereof
CN110365673A (en) Method, server and the system in a kind of isolation network attack face
CN103916376A (en) Cloud system with attract defending mechanism and defending method thereof
JP2017103707A (en) System, device and method for data collection
CN103618643B (en) A kind of message queue dynamic alert monitoring method and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CP01 Change in the name or title of a patent holder
CP01 Change in the name or title of a patent holder

Address after: 100089 Beijing city Haidian District Road No. 4 North wa Yitai three storey building

Patentee after: NSFOCUS Technologies Group Co.,Ltd.

Patentee after: NSFOCUS TECHNOLOGIES Inc.

Address before: 100089 Beijing city Haidian District Road No. 4 North wa Yitai three storey building

Patentee before: NSFOCUS INFORMATION TECHNOLOGY Co.,Ltd.

Patentee before: NSFOCUS TECHNOLOGIES Inc.