CN105554181B - A kind of DNS log compression method and apparatus - Google Patents

A kind of DNS log compression method and apparatus Download PDF

Info

Publication number
CN105554181B
CN105554181B CN201610051795.8A CN201610051795A CN105554181B CN 105554181 B CN105554181 B CN 105554181B CN 201610051795 A CN201610051795 A CN 201610051795A CN 105554181 B CN105554181 B CN 105554181B
Authority
CN
China
Prior art keywords
dns
log
port
time point
domain name
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610051795.8A
Other languages
Chinese (zh)
Other versions
CN105554181A (en
Inventor
丁文涛
尹嘉路
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Far Long (beijing) Technical Service Co Ltd
Original Assignee
Far Long (beijing) Technical Service Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Far Long (beijing) Technical Service Co Ltd filed Critical Far Long (beijing) Technical Service Co Ltd
Priority to CN201610051795.8A priority Critical patent/CN105554181B/en
Publication of CN105554181A publication Critical patent/CN105554181A/en
Application granted granted Critical
Publication of CN105554181B publication Critical patent/CN105554181B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/45Network directories; Name-to-address mapping
    • H04L61/4505Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/17Details of further file system functions
    • G06F16/174Redundancy elimination performed by the file system
    • G06F16/1744Redundancy elimination performed by the file system using compression, e.g. sparse files
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06Management of faults, events, alarms or notifications
    • H04L41/069Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services
    • H04L67/565Conversion or adaptation of application format or content
    • H04L67/5651Reducing the amount or size of exchanged application data

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Databases & Information Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a kind of DNS log compression method and apparatus, method includes: that step 1) obtains domain name system DNS original log;Step 2) according in DNS source IP address, request port match Radius log in the IP address authentication information;Step 3) judges whether the domain name of the DNS belongs to 2,600,000 domain names;Step 4) is as the DNS belonged in above 2,600,000 domain name, then the DNS original log is analyzed, and match user account, calculate PV, access time point mean value, access time point variance, final a plurality of record is merged into a record, while leaving out original log.This invention takes after above scheme, realizing that DNS initial data is more than the reduction of 100 orders of magnitude, it ensure that the value of data while DNS data amount is greatly reduced, there is good technical effect.

Description

A kind of DNS log compression method and apparatus
Technical field
The invention belongs to internet areas, and in particular to a kind of domain name system log DNS compression method and device.
Background technique
With the fast development of Internet technology, more and more users start to access and frequently using internet, DNS An one's share of expenses for a joint undertaking indispensable as internet, the log amount of generation is also in explosive increase, by taking Guangdong Province as an example, is generated daily Original DNS log reaches 12T, expands to the whole nation to calculate, daily DNS original log amount reaches 300T, for DNS provider For, how the cost of least cost stores DNS log and guarantees that the validity of data has become urgent problem to be solved.
Method one:
DNS log is compressed, sets up sufficiently large storage cluster to store compression DNS log.Wherein, due to the extension of cluster More storages can be consumed, over time, the cost of cost is increasing.
Method two:
Delete the DNS log information retained more than one month, the DNS log information within only retaining one month.Wherein, surpass The missing for crossing one month DNS log information is more than one month DNS log analysis for time span, cannot achieve.
Summary of the invention
Technical problem to be solved by the invention is to provide a kind of new DNS log compression method and apparatus, to overcome The shortcomings that prior art both the above method.
It is as follows that the present invention solves the technical solution that above-mentioned technical problem is taken:
A kind of DNS log compression method, comprising:
Step 1) obtains domain name system DNS original log, includes: source IP address, source port, destination IP in the original log Address, destination port, ID, domain name, request type, parsing result, parsing time, status code, request or response message;
Step 2) according in DNS source IP address, request port match Radius log in the IP address authentication information, Radius journal format includes:
User account, on-line time, downtime, outer net IP, Intranet IP, outer net both port of origination and outer net terminate port, Wherein, in the state pause judgments port range of Radius, the DNS information is just effective for the request port of only DNS;
Step 3) judges whether the domain name of the DNS belongs to 2,600,000 domain names;
Step 4) then analyzes the DNS original log as the DNS belonged in above 2,600,000 domain name, and matches User account calculates PV, access time point mean value, access time point variance, and final a plurality of record is merged into a record, Leave out original log simultaneously.
Further, it is preferred that in step 2), when the request port of DNS information corresponds to the starting knot of Radius log When beam port is 0, illustrates that the IP address uses all of the port of outer net IP, abandon this DNS information.
Further, it is preferred that DNS is retained in log in step 4), specifically include:
User account, domain name, PV, access time point mean value, access time point variance.
Further, it is preferred that further comprising in step 4): being directed to a certain user, pass through domain name access information Connecting method only retains a record.
Further, it is preferred that calculating PV, access time point mean value, access time point variance in step 4) and specifically wrapping It includes:
It is number that user accesses a certain network address that PV value is corresponding;
Mean value is the sum of the number of minutes of user's each access time apart from same day 00:00/PV, calculation formula: (X1+X2+ ... +Xn)/PV;
Variance is the standard deviation square value of user's access time point and average time point, calculation formula: ((X1-M) ^2+ (X2- M) ^2+ ...+(Xn-M) * 2)/n, wherein n=PV.
A kind of DNS log compression device, comprising:
Log acquisition unit obtains domain name system DNS original log, includes: source IP address, source in the original log Mouth, purpose IP address, destination port, ID, domain name addresses, request type, parsing result, parsing the time, status code, request or Response message;
Log matches unit, according in DNS source IP address, the IP address is recognized in request port match Radius log Information is demonstrate,proved, Radius journal format includes:
User account, on-line time, downtime, outer net IP, Intranet IP, outer net both port of origination and outer net terminate port, Wherein, in the state pause judgments port range of Radius, the DNS information is just effective for the request port of only DNS;
Log analysis unit, judges whether the domain name of the DNS belongs to 2,600,000 domain names;
As the DNS belonged in above 2,600,000 domain name, then the DNS original log is analyzed, and match user, PV, access time point mean value, access time point variance are calculated, final a plurality of record is merged into a record, leaves out simultaneously Original log.
Further, it is preferred that the log matches unit, is further used for existing when the request port of DNS information When the state pause judgments port of Radius log is 0, illustrates that the IP address uses all of the port of outer net IP, abandon this DNS information.
Further, it is preferred that the log analysis unit, further retains in log in DNS, specifically includes:
User account, domain name, PV, access time point mean value, access time point variance.
Further, it is preferred that the log analysis unit is believed further directed to a certain user by domain name access The connecting method of breath only retains a record.
Further, it is preferred that the log analysis unit, calculates PV, access time point mean value, access time point side Difference specifically includes:
It is number that user accesses a certain network address that PV value is corresponding;
Mean value is the sum of the number of minutes of user's each access time apart from same day 00:00/PV, calculation formula: (X1+X2+ ... +Xn)/PV;
Variance is the standard deviation square value of user's access time point and average time point, calculation formula: ((X1-M) ^2+ (X2- M) ^2+ ...+(Xn-M) * 2)/n, wherein n=PV.
This invention takes after above scheme, in conjunction with DNS log, Radius log, DNS log is retained, to realize DNS initial data realizes the reduction more than 100 orders of magnitude, while ensure that number while DNS data amount is greatly reduced According to value, have good technical effect.
Other features and advantages of the present invention will be illustrated in the following description, also, partly becomes from specification It obtains it is clear that understand through the implementation of the invention.The objectives and other advantages of the invention can be by written explanation Specifically noted structure is achieved and obtained in book, claims and attached drawing.
Detailed description of the invention
The present invention is described in detail with reference to the accompanying drawing, so that above-mentioned advantage of the invention is definitely.Its In,
Fig. 1 is the flow diagram of DNS log compression method of the present invention;
Fig. 2 is the structural schematic diagram of DNS log compression device of the present invention.
Specific embodiment
Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings and examples, how to apply to the present invention whereby Technological means solves technical problem, and the realization process for reaching technical effect can fully understand and implement.It needs to illustrate As long as not constituting conflict, each feature in each embodiment and each embodiment in the present invention can be combined with each other, It is within the scope of the present invention to be formed by technical solution.
Embodiment one:
The technical program rely on Hadoop big data storage, computing platform, rely on 2,600,000 domain names, original DNS log, Original Radius log, is related description as follows.
DNS original log:
When user accesses website by domain name (www.baidu.com), due to being according to IP in Ethernet transmission Address addresses, so DNS client first can be to the corresponding IP address of dns server nslookup, correspondingly, DNS takes Business device can generate a Request Log, and (parsing result field in Request Log is sky, and time field is corresponding is in fact for parsing Request time), as follows:
Source IP | source port | destination IP | destination port | ID | domain name | request type | parsing result | the parsing time | status code | request
219.141.159.146|11764|219.141.159.146|53|11616|www.baidu.com|A|| 20151028141117.176|0|q
Radius log:
When the terminal of user accesses internet, the Radius letter of the Radius server meeting Authentication Client at operator Breath, Radius journal format are as follows:
User account | on-line time | downtime | outer net IP | Intranet IP | outer net both port of origination | outer net terminates port
0486A09D7EA391E8F71|1446494611|1446566399|1883258110|1682046230|54272 |56319
2600000 domain names:
2600000 domain names are to count the domain name that whole nation access PV number is greater than 3, the domain other than 2,600,000 according to original DNS log Name reference value is negligible.
Bloom filter:
2,600,000 domain names are loaded by memory and not only consume a large amount of memories, and are judging whether a DNS data belongs to When 2600000 domain name section, circulation character string comparison efficiency is very low, by Bloom filter algorithm, can substantially reduce domain name Whether is effectively judged the time.
DNS retains log:
User account | domain name | PV | access time point mean value | access time point variance
PV:
The number of access domain name on the day of user.
UV:
The number of users of same day access website.
Remarks: the format that different DNS manufacturers and Radius manufacturer generate is slightly different, list here be DNS, The basic information of Radius, all DNS, Radius can save above-mentioned field.
From the point of view of to original DNS log analysis result, the original DNS of storage is the original note that user requests behavior Record, without corresponding logical message, the core of this programme is to save effective DNS information by logical process and extension calculates As a result, the result of final output only accounts for the 1/300 of original DNS log, storage cost is greatly reduced.
Wherein, as shown in Figure 1, a kind of DNS log compression method, comprising:
Step 1) obtains domain name system DNS original log, includes: source IP address, source port, destination IP in the original log Address, destination port, ID, domain name addresses, request type, parsing result, parsing time, status code, request or response message;
Step 2) according in DNS source IP address, request port match Radius log in the IP address authentication information, Radius journal format includes:
User account, on-line time, downtime, outer net IP, Intranet IP, outer net both port of origination and outer net terminate port, Wherein, in the state pause judgments port range of Radius, the DNS information is just effective for the request port of only DNS;
Step 3) judges whether the domain name of the DNS belongs to 2,600,000 domain names using Bloom filter method:
Step 4) then analyzes the DNS original log as the DNS belonged in above 2,600,000 domain name, and matches User account calculates PV, access time point mean value, access time point variance, and final a plurality of record is merged into a record, Leave out original log simultaneously.
This invention takes after above scheme, in conjunction with DNS log, Radius log, DNS log, to realize DNS original Beginning data are more than the reduction of 100 orders of magnitude, while ensure that the value of data while DNS data amount is greatly reduced, tool There is good technical effect.
Embodiment two:
Preferably, in step 2), when the state pause judgments port that the request port of DNS information corresponds to Radius log is 0 When, illustrate that the IP address uses all of the port of outer net IP, directly saves the DNS information.
Also, in step 4), DNS is retained in log, is specifically included:
User account, domain name, PV, access time point mean value, access time point variance.
Further, it is preferred that further comprising in step 4): being directed to a certain user, pass through domain name access information Connecting method only retains a record that is, by way of the filtering of duplicate message.
Further, it is preferred that calculating PV, access time point mean value, access time point variance in step 4) and specifically wrapping It includes:
It is number that user accesses a certain network address that PV value is corresponding;
Mean value is the sum of the number of minutes of user's each access time apart from same day 00:00/PV, calculation formula: (X1+X2+ ... +Xn)/PV;
Variance is the standard deviation square value of user's access time point and average time point, calculation formula: ((X1-M) ^2+ (X2- M) ^2+ ...+(Xn-M) * 2)/n, wherein n=PV.
Embodiment three:
In a specific embodiment, this method specifically includes:
According in DNS source IP address, request port match Radius log in the IP address authentication information, only The request port of DNS in the state pause judgments port range of Radius (when the starting of Radius, terminate port be all 0 when, explanation The IP address uses all of the port of outer net IP), the DNS information is just effective, and by taking user A as an example, user A has in one day 12 " www.baidu.com " domain name request DNS logs, time interval are 1 hour, as follows from early 8 points to 5 points of evening.
219.141.159.146|11764|219.141.159.146|53|11616|www.baidu.com|A|| 20151028080000.176|0|q
219.141.159.146|11764|219.141.159.146|53|11736|www.baidu.com|A|| 20151028090000.321|0|q
219.141.159.146|11764|219.141.159.146|53|13211|www.baidu.com|A|| 20151028100000.390|0|q
219.141.159.146|11764|219.141.159.146|53|17141|www.baidu.com|A|| 20151028110000.002|0|q
219.141.159.146|11764|219.141.159.146|53|20171|www.baidu.com|A|| 20151028120000.586|0|q
219.141.159.146|11764|219.141.159.146|53|24079|www.baidu.com|A|| 20151028130000.227|0|q
219.141.159.146|11764|219.141.159.146|53|25322|www.baidu.com|A|| 20151028140000.131|0|q
219.141.159.146|11764|219.141.159.146|53|26015|www.baidu.com|A|| 20151028150000.856|0|q
219.141.159.146|11764|219.141.159.146|53|29132|www.baidu.com|A|| 20151028160000.986|0|q
219.141.159.146|11764|219.141.159.146|53|29825|www.baidu.com|A|| 20151028170000.232|0|q
In Radius, there is the Radius authentication information of the user, authentication information is as follows:
048078206A09D7EA391E8F71|1445983200|1446033600|3683491730|0|0|0
Whether the domain name that DNS is calculated by Bloom filter belongs in 2,600,000 domain names.
It matches user, calculate PV, mean value, variance, final 10 records are merged into a record:
048078206A09D7EA391E8F71|14ED|10|750|29700
Illustrate:
In order to reduce storage cost, each domain name can correspond to the integer value of 16 systems, www.baidu.com here Corresponding 14ED.
Corresponding PV value is that user accesses www.baidu.com number.
Mean value is the sum of the number of minutes of user's each access time apart from same day 00:00/PV, calculation formula: (X1+X2+ ... +Xn)/PV
Variance is the standard deviation square value of user's access time point and average time point, calculation formula: ((X1-M) ^2+ (X2- M) ^2+ ...+(Xn-M) * 2)/n, wherein n=PV;
Delete original DNS log.
For a user, by the connecting method of domain name access information, only retain a record, following format
048078206A09D7EA391E8F71|www.baidu.com|10|750|29700|www.tmall.com|20| 350|9700
By above description as can be seen that this scheme bring benefit has these points:
2600000 domain names only save portion, the integer value of corresponding 16 systems of each domain name.
Each user only deposits a record, and domain name is replaced using shaping value in record, greatly reduces memory space.
In the case where storage largely reduces, any effective calculating data are not lost, such as to calculate The UV and PV of www.baidu.com, it is only necessary to user's duplicate removal of access www.baidu.com can be calculated UV value, institute There is the PV of access www.baidu.com user to stack up the PV value on the day of being www.baidu.com.
Example IV:
Corresponding with above method, the present invention also provides a kind of DNS log compression devices, comprising:
Log acquisition unit obtains domain name system DNS original log, includes: source IP address, source in the original log Mouth, purpose IP address, destination port, ID, domain name addresses, request type, parsing result, parsing the time, status code, request or Response message;
Log matches unit, according in DNS source IP address, the IP address is recognized in request port match Radius log Information is demonstrate,proved, Radius journal format includes:
User account, on-line time, downtime, outer net IP, Intranet IP, outer net both port of origination and outer net terminate port, Wherein, in the state pause judgments port range of Radius, the DNS information is just effective for the request port of only DNS;
Log analysis unit, judges whether the domain name of the DNS belongs to 2,600,000 domain names;
As the DNS belonged in above 2,600,000 domain name, then the DNS original log is analyzed, and match user, PV, access time point mean value, access time point variance are calculated, final a plurality of record (such as 10) is merged into a record, Leave out original log simultaneously.
Further, it is preferred that the log matches unit, is further used for when the request port of DNS information is corresponding When the state pause judgments port of Radius log is 0, illustrate that the IP address uses all of the port of outer net IP, directly saving should Item DNS information.
Further, it is preferred that the log analysis unit, further retains in log in DNS, specifically includes:
User account, domain name, PV, access time point mean value, access time point variance.
Further, it is preferred that the log analysis unit is believed further directed to a certain user by domain name access The connecting method of breath only retains a record.
Further, it is preferred that the log analysis unit, calculates PV, access time point mean value, access time point side Difference specifically includes:
It is number that user accesses a certain network address that PV value is corresponding;
Mean value is the sum of the number of minutes of user's each access time apart from same day 00:00/PV, calculation formula: (X1+X2+ ... +Xn)/PV;
Variance is the standard deviation square value of user's access time point and average time point, calculation formula: ((X1-M) ^2+ (X2- M) ^2+ ...+(Xn-M) * 2)/n, wherein n=PV.
This invention takes after above scheme, in conjunction with DNS log, Radius log, DNS log is retained, so that DNS is former Beginning data realize the reduction more than 100 orders of magnitude, while ensure that the valence of data while DNS data amount is greatly reduced Value has good technical effect.
It should be noted that for simple description, therefore, it is stated as a series of for above method embodiment Combination of actions, but those skilled in the art should understand that, the application is not limited by the described action sequence because According to the application, some steps may be performed in other sequences or simultaneously.Secondly, those skilled in the art should also know It knows, the embodiments described in the specification are all preferred embodiments, related actions and modules not necessarily the application It is necessary.
It should be understood by those skilled in the art that, embodiments herein can provide as method, system or computer program Product.Therefore, complete hardware embodiment, complete software embodiment or reality combining software and hardware aspects can be used in the application Apply the form of example.
Finally, it should be noted that the foregoing is only a preferred embodiment of the present invention, it is not intended to restrict the invention, Although the present invention is described in detail referring to the foregoing embodiments, for those skilled in the art, still may be used To modify the technical solutions described in the foregoing embodiments or equivalent replacement of some of the technical features. All within the spirits and principles of the present invention, any modification, equivalent replacement, improvement and so on should be included in of the invention Within protection scope.

Claims (10)

1. a kind of DNS log compression method characterized by comprising
Step 1) obtains domain name system DNS original log, includes: source IP address, source port, destination IP in the original log Location, destination port, ID, domain name, request type, parsing result, parsing time, status code, request or response message;
Step 2) according in DNS source IP address, request port match Radius log in the IP address authentication information, Radius journal format includes:
User account, on-line time, downtime, outer net IP, Intranet IP, outer net both port of origination and outer net terminate port, wherein In the state pause judgments port range of Radius, the DNS information is just effective for the request port of only DNS;
Step 3) judges whether the domain name of the DNS belongs to 2,600,000 domain names using Bloom filter method;
2600000 domain names are to count the domain name that whole nation access PV number is greater than 3 according to original DNS log;
Step 4) then analyzes the DNS original log as the DNS belonged in above 2,600,000 domain name, and matches user Account calculates page browsing amount PV, access time point mean value, access time point variance, and final a plurality of record is merged into one Record, while leaving out original log.
2. DNS log compression method according to claim 1, which is characterized in that in step 2), when the request of DNS information Port correspond to Radius log state pause judgments port be 0 when, illustrate that the IP address uses all of the port of outer net IP, directly It connects and saves the DNS information.
3. DNS log compression method according to claim 1, which is characterized in that in step 4), DNS is retained in log, tool Body includes:
User account, domain name, PV, access time point mean value, access time point variance.
4. DNS log compression method according to claim 1, which is characterized in that in step 4), further comprise: being directed to A certain user only retains a record by the connecting method of domain name access information.
5. DNS log compression method according to claim 1, which is characterized in that in step 4), calculate PV, access time Point mean value, access time point variance specifically include:
It is number that user accesses a certain network address that PV value is corresponding;
Mean value is the sum of the number of minutes of user's each access time apart from same day 00:00/PV, calculation formula: (X1+X2+ ...+ Xn)/PV;
Variance is the standard deviation square value of user's access time point and average time point, calculation formula: ((X1-M) ^2+ (X2-M) ^2 + ...+(Xn-M) * 2)/n, wherein n=PV.
6. a kind of DNS log compression device characterized by comprising
Log acquisition unit obtains domain name system DNS original log, includes: source IP address, source port, mesh in the original log IP address, destination port, ID, domain name, request type, parsing result, parsing time, status code, request or response message;
Log matches unit, according in DNS source IP address, request port match Radius log in the IP address certification believe Breath, Radius journal format include:
User account, on-line time, downtime, outer net IP, Intranet IP, outer net both port of origination and outer net terminate port, wherein In the state pause judgments port range of Radius, the DNS information is just effective for the request port of only DNS;
Log analysis unit, for judging whether the domain name of the DNS belongs to 2,600,000 domain names using Bloom filter method;
2600000 domain names are to count the domain name that whole nation access PV number is greater than 3 according to original DNS log;
As the DNS belonged in above 2,600,000 domain name, then the DNS original log is analyzed, and matches user, calculates Page browsing amount PV, access time point mean value, access time point variance, final a plurality of record are merged into a record, simultaneously Leave out original log.
7. DNS log compression device according to claim 6, which is characterized in that the log matches unit is further used When the state pause judgments port that the request port when DNS information corresponds to Radius log is 0, it is outer to illustrate that the IP address uses The all of the port for netting IP, directly saves the DNS information.
8. DNS log compression device according to claim 6, which is characterized in that the log analysis unit, further It retains in log, specifically includes in DNS:
User account, domain name, PV, access time point mean value, access time point variance.
9. DNS log compression device according to claim 6, which is characterized in that the log analysis unit, further needle To a certain user, by the connecting method of domain name access information, only retain a record.
10. DNS log compression device according to claim 6, which is characterized in that the log analysis unit, calculating PV, Access time point mean value, access time point variance specifically include:
It is number that user accesses a certain network address that PV value is corresponding;
Mean value is the sum of the number of minutes of user's each access time apart from same day 00:00/PV, calculation formula: (X1+X2+ ...+ Xn)/PV;
Variance is the standard deviation square value of user's access time point and average time point, calculation formula: ((X1-M) ^2+ (X2-M) ^2 + ...+(Xn-M) * 2)/n, wherein n=PV.
CN201610051795.8A 2016-01-27 2016-01-27 A kind of DNS log compression method and apparatus Active CN105554181B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610051795.8A CN105554181B (en) 2016-01-27 2016-01-27 A kind of DNS log compression method and apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610051795.8A CN105554181B (en) 2016-01-27 2016-01-27 A kind of DNS log compression method and apparatus

Publications (2)

Publication Number Publication Date
CN105554181A CN105554181A (en) 2016-05-04
CN105554181B true CN105554181B (en) 2019-03-26

Family

ID=55833113

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610051795.8A Active CN105554181B (en) 2016-01-27 2016-01-27 A kind of DNS log compression method and apparatus

Country Status (1)

Country Link
CN (1) CN105554181B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106599222B (en) * 2016-12-19 2020-09-04 广州四三九九信息科技有限公司 Method and equipment for processing logs in streaming parallel
CN108989484A (en) * 2018-08-07 2018-12-11 北京奇安信科技有限公司 A kind of compression and storage method and device of domain name system DNS log
EP3961414B1 (en) * 2018-12-04 2023-07-05 Hong Kong Sunstar Technology Co., Limited Method and apparatus for processing time records
CN111159129A (en) * 2019-12-31 2020-05-15 北京神州绿盟信息安全科技股份有限公司 Statistical method and device for log report

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101163046A (en) * 2007-11-22 2008-04-16 北京金山软件有限公司 Distributed website log data acquisition method and distributed website system
CN101320348A (en) * 2008-06-25 2008-12-10 中兴通讯股份有限公司 Log function implementing method of embedded system

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101163046A (en) * 2007-11-22 2008-04-16 北京金山软件有限公司 Distributed website log data acquisition method and distributed website system
CN101320348A (en) * 2008-06-25 2008-12-10 中兴通讯股份有限公司 Log function implementing method of embedded system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"一种高效的DNS日志压缩算法";王艳峰等,;《计算机工程》;20100831;第36卷(第15期);全文

Also Published As

Publication number Publication date
CN105554181A (en) 2016-05-04

Similar Documents

Publication Publication Date Title
CN105554181B (en) A kind of DNS log compression method and apparatus
CN100591078C (en) A website buffering method and device
CN107733972A (en) A kind of short linking analytic method, device and equipment
CN103118007B (en) A kind of acquisition methods of user access activity and system
CN108052675A (en) Blog management method, system and computer readable storage medium
CN103338249B (en) Caching method and device
CN102737065B (en) Method and device for acquiring data
CN106059847B (en) A kind of user's brush single act detection method and device
CN103095819A (en) Data information pushing method and data information pushing system
CN104391868B (en) The device and method of dynamic page static
CN103873307B (en) For the method for PPPOE username and password backup-and-restores
CN104394211A (en) Hadoop-based user behavior analysis system design and implementation method
CN103297291A (en) Method and system for monitoring website real-time statuses
CN103179099B (en) A kind ofly access the uniform authentication method of open website platform and a kind of website platform
CN106227780A (en) Automatization's sectional drawing evidence collecting method of a kind of magnanimity webpage and system
CN103761102B (en) A kind of uniform data service platform and its implementation
CN102624918A (en) Proxy access method based on URL (Uniform Resource Locator) rewriting technique
WO2023011022A1 (en) Blockchain-based data processing method, and device and computer-readable storage medium
CN104239353A (en) WEB classification control and log auditing method
CN103513986B (en) A kind of method utilizing CGI technology to realize dynamic web server in without operating system equipment
CN108243207B (en) A kind of date storage method of network cloud disk
CN106980618B (en) File storage method and system based on MongoDB distributed cluster architecture
CN110989935A (en) Data processing and transmitting method and device of flash system
CN105677579B (en) Data access method in caching system and system
Wakup et al. Analyzing a TCP/IP-protocol with process mining techniques

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant