CN105939310A - File synchronization method and device based on multiple devices - Google Patents
File synchronization method and device based on multiple devices Download PDFInfo
- Publication number
- CN105939310A CN105939310A CN201510467498.7A CN201510467498A CN105939310A CN 105939310 A CN105939310 A CN 105939310A CN 201510467498 A CN201510467498 A CN 201510467498A CN 105939310 A CN105939310 A CN 105939310A
- Authority
- CN
- China
- Prior art keywords
- feature database
- intrusion prevention
- message
- leak feature
- version
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1095—Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention provides a file synchronization method and a file synchronization device based on multiple devices. The file synchronization method based on the multiple devices is applied to a network log management server which is in communication connection with one or more network intrusion prevention devices. The method comprises the steps of receiving an update prompting message sent by the network intrusion prevention device, wherein the update prompting message carries the version information of a first vulnerability feature library in the network intrusion prevention device; according to the version information of the first vulnerability feature library, judging that whether the version of the first vulnerability feature library is newer than that of a local second vulnerability feature library, and when a judgment result is yes, sending an update request to the network intrusion prevention device; receiving the first vulnerability feature library sent by the network intrusion prevention device according to the update request. The method achieves the automation of file synchronization among the multiple devices, is simple in operation, and meanwhile reduces technical risks generated by that manual operation is prone to cause leakage.
Description
Technical field
The application relates to technical field of network security, particularly to a kind of file synchronisation methods based on many equipment
And device.
Background technology
Along with the development of Internet technology, in the study that network application is user, work and live and bring
Increasing attack and means also get more and more the most simultaneously, and especially some are important
Network traffics node such as large enterprise's unit, government organs and operator etc., all suffer from big all the time
The threat of amount attack.Based on above-mentioned situation, majority of network flow node can be prevented by layout network intrusions
Imperial system is in order to defending against network attacks behavior.
At present, network intrusion prevention system is generally managed server by network intrusion prevention equipment and network log
Constituting, wherein, network intrusion prevention equipment is according to the leak feature database of local record, to attack
It is identified and defends;The log information of network log record management server attack is so that right
Network condition is analyzed and improves, additionally, also can generate analytical statement according to the log information of record.
Owing to network attack means emerge in an endless stream, therefore network intrusion prevention equipment leak feature database need and
Time include up-to-date leak feature in, to ensure stability and the safety of network.Once network intrusion prevention sets
The standby leak feature database that updates, it is special that supporting network log management server is also required to the corresponding leak of synchronized update
Levy storehouse information, the correctness of recognizability and analytical statement to ensure the log information on this server.
In prior art, use the mode of manual operation to ensure network intrusion prevention equipment and network log pipe
The synchronization of the leak feature database information of reason server.But, when the leak feature database of network intrusion prevention equipment
When updating more frequent, operate cumbersome, inefficient;Additionally, the mode of manual operation easily produces something lost
Leakage, the risk of synchronization failure is higher.
Summary of the invention
In view of this, the application provides a kind of file synchronisation method based on many equipment and device, it is achieved that many
The automatization of equipment room file synchronization, operates fairly simple, also reduces because manual operation is easily sent out simultaneously
The technical risk that life is omitted and produced.
Specifically, the application is achieved by the following technical solution:
A kind of based on many equipment the file synchronisation methods that the application provides, are applied to network log management service
Device, described network log management server and the foundation communication connection of one or more network intrusion prevention equipment,
Described method includes:
Receive the renewal prompting message that described network intrusion prevention equipment sends, wherein said renewal prompting message
In carry the version information of the first leak feature database in described network intrusion prevention equipment;
Version information according to described first leak feature database, it is judged that the version of the first leak feature database whether than
The version of local second leak feature database is new;
When judged result is for being, send more newly requested to described network intrusion prevention equipment;
Receive the described network intrusion prevention equipment the first leak feature database according to described more newly requested transmission.
A kind of detailed description of the invention provided according to the application, described reception described network intrusion prevention equipment is sent out
The renewal prompting message sent, including:
When described communication connection initially sets up, send inquiry message to described network intrusion prevention equipment;
Receive the renewal prompting message that described network intrusion prevention equipment sends according to described inquiry message.
A kind of detailed description of the invention provided according to the application, at described reception described network intrusion prevention equipment
After the step of the first leak feature database according to described more newly requested transmission, also include:
Delete described second leak feature database.
A kind of detailed description of the invention provided according to the application, described method also includes:
When judging the first leak feature database and the second leak feature database version is identical, to described network intrusions
Defensive equipment sends feedback message.
A kind of based on many equipment the file synchronisation methods that the application provides, are applied to network intrusion prevention equipment,
Described network intrusion prevention equipment sets up communication connection with network log management server, and described method includes:
Send to described network log management server and update prompting message, in wherein said renewal prompting message
Carry the version information of the first leak feature database;
Receive described network log management server and judge the first leak feature database according to described version information
Version newer than the version of local second leak feature database time send more newly requested;
According to described more newly requested, send the first leak feature database to described network log management server.
According to the application provide a kind of detailed description of the invention, described to described network log management server send out
Send renewal prompting message, including:
Receive the inquiry message that described network log management server sends when described communication connection initially sets up;
According to described inquiry message, send to described network log management server and update prompting message.
A kind of detailed description of the invention provided according to the application, described method also includes:
Receive described network log management server and judge the first leak feature database and the second leak feature database
The feedback message sent when version is identical.
A kind of based on many equipment the file synchronizer that the application provides, are applied to network log management service
Device, described network log management server and the foundation communication connection of one or more network intrusion prevention equipment,
Described device includes:
First message reception module, for receiving the renewal prompting message that described network intrusion prevention equipment sends,
Wherein said renewal prompting message carries the version of the first leak feature database in described network intrusion prevention equipment
This information;
Judge module, for the version information according to described first leak feature database, it is judged that the first leak feature
The version in storehouse is newer than the version of local second leak feature database;
Request sending module, in the case of the judged result at described judge module is for being, to described net
Network intrusion prevention equipment sends more newly requested;
Storehouse receiver module, for receiving described network intrusion prevention equipment according to the of described more newly requested transmission
One leak feature database.
A kind of detailed description of the invention provided according to the application, described first message reception module, including:
First message sends submodule, in the case of described communication connection initially sets up, to described net
Network intrusion prevention equipment sends inquiry message;
First message sink submodule, is used for receiving described network intrusion prevention equipment according to described inquiry message
The renewal prompting message sent.
A kind of detailed description of the invention provided according to the application, described device also includes:
Cleaning module, is used for deleting described second leak feature database.
A kind of detailed description of the invention provided according to the application, described device also includes:
First message transmission module, for judging the first leak feature database and the second leakage at described judge module
Under the feature database version same case of hole, send feedback message to described network intrusion prevention equipment.
A kind of based on many equipment the file synchronizer that the application provides, are applied to network intrusion prevention equipment,
Described network intrusion prevention equipment sets up communication connection with network log management server, and described device includes:
Second message transmission module, updates prompting message for sending to described network log management server,
Wherein said renewal prompting message carries the version information of the first leak feature database;
Request receiver module, is used for receiving described network log management server and is sentencing according to described version information
The version the first leak feature database that breaks sends more than under the version news of local second leak feature database
Newly requested;
Storehouse sending module, for according to described more newly requested, sends the to described network log management server
One leak feature database.
A kind of detailed description of the invention provided according to the application, described second message transmission module, including:
Second message sink submodule, is used for receiving described network log management server in described communication connection
The inquiry message sent in the case of initially setting up;
Second message sends submodule, for according to described inquiry message, to the management service of described network log
Device sends and updates prompting message.
A kind of detailed description of the invention provided according to the application, described device also includes:
Second message reception module, is used for receiving described network log management server and is judging the first leak
Feature database and the second leak feature database version identical in the case of send feedback message.
The technical scheme that application embodiments herein provides, once network intrusion prevention renewal of the equipment leak is special
Levying storehouse, this network intrusion prevention equipment will send more new information to supporting network log management server and carry
Show, with the synchronization of the leak feature database content of both realizations.
As can be seen here, the technical scheme provided when embodiments herein can include following beneficial effect:
Achieve the automatization of many equipment rooms file synchronization, operate fairly simple, also reduce because of hands simultaneously
The technical risk that dynamic processing ease occurs to omit and produces.
Accompanying drawing explanation
Fig. 1 is a kind of based on many equipment the file synchronisation methods application shown in the application one exemplary embodiment
Scene graph.
Fig. 2 is a kind of based on many equipment the file synchronisation method flow processs shown in the application one exemplary embodiment
Figure.
Fig. 3 is file synchronisation method based on the many equipment stream of the another kind shown in the application one exemplary embodiment
Cheng Tu.
Fig. 4 is file synchronizer places based on the many equipment equipment shown in the application one exemplary embodiment
A kind of hardware structure diagram.
Fig. 5 is a kind of based on many equipment the file synchronizer block diagrams shown in the application one exemplary embodiment.
Fig. 6 is file synchronizer based on the many equipment frame of the another kind shown in the application one exemplary embodiment
Figure.
Detailed description of the invention
Here will illustrate exemplary embodiment in detail, its example represents in the accompanying drawings.Following retouches
Stating when relating to accompanying drawing, unless otherwise indicated, the same numbers in different accompanying drawings represents same or analogous key element.
Embodiment described in following exemplary embodiment does not represent all embodiment party consistent with the application
Formula.On the contrary, they only with describe in detail in appended claims, the application some in terms of mutually one
The example of the apparatus and method caused.
It is only merely for describing the purpose of specific embodiment at term used in this application, and is not intended to be limiting this
Application." a kind of ", " described " of singulative used in the application and appended claims
" it is somebody's turn to do " be also intended to include most form, unless context clearly shows that other implications.It is also understood that
Term "and/or" used herein refer to and comprise any of one or more project of listing being associated or
Likely combine.
Although should be appreciated that may use term first, second, third, etc. to describe various letter in the application
Breath, but these information should not necessarily be limited by these terms.These terms are only used for same type of information district each other
Separately.Such as, in the case of without departing from the application scope, the first information can also be referred to as the second information,
Similarly, the second information can also be referred to as the first information.Depend on linguistic context, word as used in this
" if " can be construed to " ... time " or " when ... time " or " in response to determining ".
Along with network application is increasingly goed deep in the life of people, work, various network attacks also emerge in an endless stream,
Especially some important network traffics nodes, such as large enterprise's unit, government organs, operator etc.,
All the time all suffer from substantial amounts of network attack to threaten.In this case, to network intrusion prevention equipment
Have higher requirement:
On the one hand, network intrusion prevention equipment to defend substantial amounts of network attack, for convenience to network every day
Situation is analyzed and improves, and these information attacked allow for recording in the way of attack logs.
And due to a large amount of generations of attack logs, the daily record amount such as some catenets nodes every day can reach million very
To millions, it is desirable to have enough memory spaces store, and analytical statement can be generated for the information of attack,
It is thus desirable to be equipped with special high performance network log management server.
On the other hand, having every day the network attack of new type to produce, the leak of network intrusion prevention equipment is special
Levy storehouse to must be able to include up-to-date leak feature timely in, to ensure stability and the safety of network.And net
Network intrusion prevention equipment is after have updated leak feature database, and supporting network log management server is also required to
Can the up-to-date leak characteristic information of synchronized update, to ensure the recognizability of the log information on this server
Correctness with analytical statement.Network intrusion prevention equipment and network log management server together constitute net
Network intrusion prevention system, in order to defending against network attacks, safeguards the safety of network.
But, when issuing new leak feature database, it is required to manual operation to ensure network intrusions the most every time
The synchronization of the leak feature database information on defensive equipment and network log management server, operates comparatively laborious,
And easily produce leakage operation.In order to solve the problems referred to above, the embodiment of the present application provides a kind of based on many equipment
File synchronisation method and device.
Scheme for the ease of providing the application on the whole understands, the first applied field to the application
Scape is introduced.
As it is shown in figure 1, a kind of based on many equipment the file synchronization sides shown in the application one exemplary embodiment
Method application scenarios figure, this application scenarios includes: a network log management server and N platform network intrusions
Defensive equipment, wherein, all there is management with network log management server and close in every network intrusion prevention equipment
System and holding communication connection.
Next a kind of based on many equipment the file synchronisation methods provided the application are introduced.
As in figure 2 it is shown, a kind of based on many equipment the file synchronization sides shown in the application one exemplary embodiment
Method, is applied to network log management server, described network log management server and one or more network
Intrusion prevention equipment sets up communication connection, and described method may include that
In step 201, receive network intrusion prevention equipment send renewal prompting message, wherein said more
New prompting message carries the version information of the first leak feature database in described network intrusion prevention equipment.
It should be noted that the first leak feature database in this step can be the leak feature database of latest edition.
Network log management server in the application only can set up management with a network intrusion prevention equipment
Relation, it is also possible to simultaneously set up administrative relationships with multiple stage network intrusion prevention equipment.In actual applications, may be used
With the configuration information such as storage performance according to network log management server, several network intrusions of management are selected to prevent
Imperial equipment.Additionally, the network log management server in the application communicates to connect with network intrusion prevention equipment
Mode may include that wired connection mode, and/or radio connection, as WiFi connects.
In the case of network log management server sets up administrative relationships with multiple stage network intrusions equipment, this net
Network log management server can receive the renewal prompting message that multiple stage network intrusion prevention equipment sends.
The version information of leak feature database in the application, may include that the title of leak feature database, version number,
Attribute, description information etc..
For the situation of management multiple stage network intrusion prevention equipment, the network log management server in the application
The renewal prompting message that each network intrusion prevention equipment sends can be identified.Specific implementation,
May include that the network log management server in the application is in advance by the mark of each network intrusion prevention equipment
The version information of knowledge information and multiple leak feature database is stored in this locality in the way of tables of data, carries owing to updating
Show device identification and the version information of leak feature database carrying message sender in message, therefore receiving
After more new information, can be identified by the way of coupling of tabling look-up.One network intrusions of management is prevented
The situation of imperial equipment, message recognition method is similar to the situation of multiple stage, and the embodiment of the present application does not repeats them here.
In step 202., according to the version information of described first leak feature database, it is judged that the first leak feature
The version in storehouse is newer than the version of local second leak feature database.
It should be noted that the second leak feature database in the application step and the first leak in step 201
The type of feature database is identical.
Understanding from the description content of step 201, the network log management server in the application can be from more
The version information that new prompting message carries identifies the version such as version number of the first leak feature database.Identifying
After going out the version of aforementioned first leak feature database, by the version of the first leak feature database and this server local the
The version of two leak feature databases compares.In actual applications, can be by the version of the first leak feature database
The version number of version number and this server local the second leak feature database compare, thus judge that network enters
Invade the version of the first leak feature database in defensive equipment newer than the version of local second leak feature database.
Version number's label system of such as leak feature database is ascending order coding, i.e. the biggest storehouse of version number is the newest, net
In network intrusion prevention equipment, the version number of the version of the first leak feature database is v5, network log management server
The version number of the version of local second leak feature database is v4, then the first leakage in explanation network intrusion prevention equipment
The version of hole feature database is high.
In step 203, when the judged result of step 202 is for being, set to described network intrusion prevention
Preparation is sent more newly requested.
More newly requested for asking the first leak feature database in described network intrusion prevention equipment in the application
Content.
In view of the compatibility in storehouse, in the application step, can be whole to network intrusion prevention device request
First leak feature database;For having the leak feature database of forward compatibility, can set to network intrusion prevention
The standby leak feature only asking to increase relative to the second leak feature database in the first leak feature database, the application is real
Execute example this is not construed as limiting.
In step 204, described network intrusion prevention equipment is received according to the of described more newly requested transmission
One leak feature database.
For asking the situation of whole first leak feature database, can be directly the first leak feature received
Library storage is to this server local.
For only asking the situation of the part leak feature in the first leak feature database, the leakage that can will receive
Hole feature integration is in the leak feature database of corresponding old edition.
As can be seen here, the file synchronisation methods based on many equipment that the embodiment of the present application provides, net can be received
The renewal prompting message that network intrusion prevention equipment sends, and according to updating the first leak carried in prompting message
The version information of feature database, it is judged that whether ratio is in network log management server for the version of the first leak feature database
The version of the second leak feature database is new, if it is, send more newly requested to network intrusion prevention equipment, receives
Network intrusion prevention equipment is according to the first leak feature database of more newly requested transmission.
Compared with prior art, technical scheme achieves the automatization of many equipment rooms file synchronization, behaviour
Make comparisons simple, also reduce the technical risk produced because manual operation is susceptible to omit simultaneously.
When setting up communication connection due to network log management server first with network intrusion prevention equipment, this net
Network log management server does not stores leak feature database, or the leak feature database that storage version is relatively low sometimes.
In order to ensure the leak feature of network log management server and the leak feature database of network intrusion prevention equipment
Synchronization, in another embodiment of the application, above-mentioned steps 201, may include that
When described communication connection initially sets up, send inquiry message to described network intrusion prevention equipment;Its
Described in inquire in message the version information carrying the first leak feature database.
Receive the renewal prompting message that described network intrusion prevention equipment sends according to described inquiry message.
The advantage of the embodiment of the present application is, it is to avoid when setting up administrative relationships first, and network log manages
The generation of the leak feature out of step conditions of server and network intrusion prevention equipment.
In another embodiment of the application, the file synchronization based on many equipment that the embodiment of the present application provides
Method can increase following steps on the basis of preceding method embodiment:
After above-mentioned steps 204, delete described second leak feature database.
Or, after above-mentioned steps 204, delete the version similar all leakages less than the first leak feature database
Hole feature database.
The advantage of the embodiment of the present application is, by the leak feature database of old (low) version is cleared up,
The memory space shared by library file that release utilization rate is relatively low, improves the utilization rate of storage resource.
In another embodiment of the application, the file synchronization based on many equipment that the embodiment of the present application provides
Method can increase following steps on the basis of preceding method embodiment:
When judging the first leak feature database and the second leak feature database version is identical, to described network intrusions
Defensive equipment sends feedback message.
Can take it is understood that network intrusion prevention equipment sends data to network log management server
Network bandwidth resources, if network intrusion prevention equipment always sends useless to network log management server
Update prompting message, then can affect the treatment effeciency of both sides, waste the network bandwidth.The embodiment of the present application is passed through
Send feedback message to network intrusion prevention equipment, with prompting and help operation maintenance personnel, message transmitter system is entered
Row improves.
As it is shown on figure 3, a kind of based on many equipment the file synchronization sides shown in the application one exemplary embodiment
Method, is applied to network intrusion prevention equipment, and described network intrusion prevention equipment manages server with network log
Setting up communication connection, described method may include that
In step 301, send to described network log management server and update prompting message, wherein said
Update the version information carrying the first leak feature database in prompting message.
Network intrusion prevention equipment in the application has the function of the local leak feature database of detection automatically, permissible
It is monitoring in real time, it is also possible to be to be periodically detected.In actual applications, can take in correlation technique any
A kind of technology being capable of above-mentioned functions, this is not limited by the embodiment of the present application.
The version information of the leak feature database in the application, may include that the title of leak feature database, version
Number, attribute, description information etc..
In step 302, receive described network log management server judging according to described version information
Send when the version of the first leak feature database is newer than the version of local second leak feature database is more newly requested.
In step 303, according to described more newly requested, send first to described network log management server
Leak feature database.
As can be seen here, the file synchronisation methods based on many equipment that the embodiment of the present application provides, detecting this
After ground the first leak feature database updates, can send to network log management server and carry the first leak spy
Levy the renewal prompting message of storehouse version information, receive network log management server according to described version information
Judge to send when the version of the first leak feature database is newer than the version of this server local the second leak feature database
More newly requested, according to more newly requested to network log manage server the first leak feature database.
Compared with prior art, technical scheme achieves the automatization of many equipment rooms file synchronization, behaviour
Make comparisons simple, also reduce the technical risk produced because manual operation is susceptible to omit simultaneously.
In another embodiment of the application, above-mentioned steps 301, may include that
Receive the inquiry message that described network log management server sends when described communication connection initially sets up;
Wherein said inquiry message carries the version information of the first leak feature database.
According to described inquiry message, send to described network log management server and update prompting message.
The advantage of the embodiment of the present application is, can send inquiry message to network intrusion prevention equipment, from
And avoid when communication connection initially sets up, network log management server and network intrusion prevention equipment
The generation of leak feature out of step conditions.
In another embodiment of the application, the file synchronization based on many equipment that the embodiment of the present application provides
Method can increase following steps in aforementioned applications on the basis of the embodiment of the method for network intrusion prevention equipment:
Receive described network log management server and judge the first leak feature database and the second leak feature database
The feedback message sent when version is identical.
The advantage of the embodiment of the present application is, can pass through to send feedback message to network intrusion prevention equipment,
With prompting and help operation maintenance personnel, message transmitter system is improved.
Corresponding with the embodiment of aforementioned file synchronisation methods based on many equipment, present invention also provides based on
The embodiment of the file synchronizer of many equipment.
The embodiment of the application file synchronizer based on many equipment can be applied at intermediate equipment or controller
On.Device embodiment can be realized by software, it is also possible to real by the way of hardware or software and hardware combining
Existing.As a example by implemented in software, as the device on a logical meaning, it it is the process by its place equipment
Computer program instructions corresponding in nonvolatile memory is read and runs formation in internal memory by device.From firmly
For part aspect, as shown in Figure 4, for the one of the application file synchronizer based on many equipment place equipment
Plant hardware structure diagram, except the processor shown in Fig. 4, internal memory, network interface and non-volatile memories
Outside device, in embodiment, the equipment at device place generally can also include other hardware, repeats no more this.
As it is shown in figure 5, a kind of based on many equipment the file synchronization dress shown in the application one exemplary embodiment
Put, be applied to network log management server, described network log management server and one or more network
Intrusion prevention equipment sets up communication connection, and described device may include that
First message reception module 501, for receiving the renewal prompting message that network intrusion prevention equipment sends,
Wherein said renewal prompting message carries the version of the first leak feature database in described network intrusion prevention equipment
This information;
Judge module 502, for the version information according to described first leak feature database, the first leak feature database
Version newer than the version of local second leak feature database;
Request sending module 503, in the case of the judged result at described judge module 502 is for being, to
Described network intrusion prevention equipment sends more newly requested;
Storehouse receiver module 504, for receiving described network intrusion prevention equipment according to described more newly requested transmission
First leak feature database.
As can be seen here, the file synchronizer based on many equipment that the embodiment of the present application provides, net can be received
The renewal prompting message that network intrusion prevention equipment sends, and according to updating the first leak carried in prompting message
The version information of feature database, it is judged that whether ratio is in network log management server for the version of the first leak feature database
The version of the second leak feature database is new, if it is, send more newly requested to network intrusion prevention equipment, receives
Network intrusion prevention equipment is according to the first leak feature database of more newly requested transmission.
Compared with prior art, technical scheme achieves the automatization of many equipment rooms file synchronization, behaviour
Make comparisons simple, also reduce the technical risk produced because manual operation is susceptible to omit simultaneously.
In another embodiment of the application, above-mentioned first message reception module 501, may include that
First message sends submodule, in the case of described communication connection initially sets up, to described net
Network intrusion prevention equipment sends inquiry message;
First message sink submodule, is used for receiving described network intrusion prevention equipment according to described inquiry message
The renewal prompting message sent.
In another embodiment of the application, the file synchronization based on many equipment that the embodiment of the present application provides
Device, it is also possible to increase such as lower module on the basis of aforementioned means embodiment:
Cleaning module, is used for deleting described second leak feature database.
In another embodiment of the application, the file synchronization based on many equipment that the embodiment of the present application provides
Device, it is also possible to increase such as lower module on the basis of aforementioned means embodiment:
First message transmission module, for judging the first leak feature database and the second leakage at described judge module
Under the feature database version same case of hole, send feedback message to described network intrusion prevention equipment.
Corresponding with the embodiment of the file synchronisation methods based on many equipment shown in earlier figures 3, the application is also
Provide the embodiment of a kind of file synchronizer based on many equipment.
As shown in Figure 6, a kind of based on many equipment the file synchronization dress shown in the application one exemplary embodiment
Putting, be applied to network intrusion prevention equipment, described network intrusion prevention equipment manages server with network log
Setting up communication connection, described device may include that
Second message transmission module 601, updates prompting message for sending to described network log management server,
Wherein said renewal prompting message carries the version information of the first leak feature database;
Request receiver module 602, is used for receiving described network log management server according to described version information
Judge that the version of the first leak feature database is than transmission under the version news of local second leak feature database
More newly requested;
Storehouse sending module 603, for according to described more newly requested, sends to described network log management server
First leak feature database.
As can be seen here, the file synchronizer based on many equipment that the embodiment of the present application provides, detecting this
After ground the first leak feature database updates, can send to network log management server and carry the first leak spy
Levy the renewal prompting message of storehouse version information, receive network log management server according to described version information
Judge to send when the version of the first leak feature database is newer than the version of this server local the second leak feature database
More newly requested, according to more newly requested to network log manage server the first leak feature database.
Compared with prior art, technical scheme achieves the automatization of many equipment rooms file synchronization, behaviour
Make comparisons simple, also reduce the technical risk produced because manual operation is susceptible to omit simultaneously.
In another embodiment of the application, above-mentioned second message transmission module 601, may include that
Second message sink submodule, is used for receiving described network log management server in described communication connection
The inquiry message sent in the case of initially setting up;
Second message sends submodule, for according to described inquiry message, to the management service of described network log
Device sends and updates prompting message.
In another embodiment of the application, the file synchronization based on many equipment that the embodiment of the present application provides
Device can also increase such as lower mold on the basis of the device embodiment of network intrusion prevention equipment in aforementioned applications
Block:
Second message reception module, is used for receiving described network log management server and is judging the first leak
Feature database and the second leak feature database version identical in the case of send feedback message.
In said apparatus, the function of unit and the process that realizes of effect specifically refer to corresponding step in said method
Rapid realizes process, does not repeats them here.
For device embodiment, owing to it corresponds essentially to embodiment of the method, so relevant part sees
The part of embodiment of the method illustrates.Device embodiment described above is only schematically, wherein
The described unit illustrated as separating component can be or may not be physically separate, as unit
The parts of display can be or may not be physical location, i.e. may be located at a place, or also may be used
To be distributed on multiple NE.Some or all of module therein can be selected according to the actual needs
Realize the purpose of the application scheme.Those of ordinary skill in the art in the case of not paying creative work,
I.e. it is appreciated that and implements.
The foregoing is only the preferred embodiment of the application, not in order to limit the application, all in this Shen
Within spirit please and principle, any modification, equivalent substitution and improvement etc. done, should be included in this Shen
Within the scope of please protecting.
Claims (14)
1. a file synchronisation method based on many equipment, it is characterised in that be applied to network log management clothes
Business device, described network log management server and the foundation communication connection of one or more network intrusion prevention equipment,
Described method includes:
Receive the renewal prompting message that described network intrusion prevention equipment sends, wherein said renewal prompting message
In carry the version information of the first leak feature database in described network intrusion prevention equipment;
Version information according to described first leak feature database, it is judged that the version of the first leak feature database whether than
The version of local second leak feature database is new;
When judged result is for being, send more newly requested to described network intrusion prevention equipment;
Receive the described network intrusion prevention equipment the first leak feature database according to described more newly requested transmission.
Method the most according to claim 1, it is characterised in that the described network intrusion prevention of described reception
The renewal prompting message that equipment sends, including:
When described communication connection initially sets up, send inquiry message to described network intrusion prevention equipment;
Receive the renewal prompting message that described network intrusion prevention equipment sends according to described inquiry message.
Method the most according to claim 1, it is characterised in that prevent at the described network intrusions of described reception
After imperial equipment is according to the step of the first leak feature database of described more newly requested transmission, also include:
Delete described second leak feature database.
Method the most according to claim 1, it is characterised in that described method also includes:
When judging the first leak feature database and the second leak feature database version is identical, to described network intrusions
Defensive equipment sends feedback message.
5. a file synchronisation method based on many equipment, it is characterised in that be applied to network intrusion prevention and set
Standby, described network intrusion prevention equipment sets up communication connection, described method bag with network log management server
Include:
Send to described network log management server and update prompting message, in wherein said renewal prompting message
Carry the version information of the first leak feature database;
Receive described network log management server and judge the first leak feature database according to described version information
Version newer than the version of local second leak feature database time send more newly requested;
According to described more newly requested, send the first leak feature database to described network log management server.
Method the most according to claim 5, it is characterised in that described to described network log management clothes
Business device sends and updates prompting message, including:
Receive the inquiry message that described network log management server sends when described communication connection initially sets up;
According to described inquiry message, send to described network log management server and update prompting message.
Method the most according to claim 5, it is characterised in that described method also includes:
Receive described network log management server and judge the first leak feature database and the second leak feature database
The feedback message sent when version is identical.
8. a file synchronizer based on many equipment, it is characterised in that be applied to network log management clothes
Business device, described network log management server and the foundation communication connection of one or more network intrusion prevention equipment,
Described device includes:
First message reception module, for receiving the renewal prompting message that described network intrusion prevention equipment sends,
Wherein said renewal prompting message carries the version of the first leak feature database in described network intrusion prevention equipment
This information;
Judge module, for the version information according to described first leak feature database, it is judged that the first leak feature
The version in storehouse is newer than the version of local second leak feature database;
Request sending module, in the case of the judged result at described judge module is for being, to described net
Network intrusion prevention equipment sends more newly requested;
Storehouse receiver module, for receiving described network intrusion prevention equipment according to the of described more newly requested transmission
One leak feature database.
Device the most according to claim 8, it is characterised in that described first message reception module, bag
Include:
First message sends submodule, in the case of described communication connection initially sets up, to described net
Network intrusion prevention equipment sends inquiry message;
First message sink submodule, is used for receiving described network intrusion prevention equipment according to described inquiry message
The renewal prompting message sent.
Device the most according to claim 8, it is characterised in that described device also includes:
Cleaning module, is used for deleting described second leak feature database.
11. devices according to claim 8, it is characterised in that described device also includes:
First message transmission module, for judging the first leak feature database and the second leakage at described judge module
Under the feature database version same case of hole, send feedback message to described network intrusion prevention equipment.
12. 1 kinds of file synchronizer based on many equipment, it is characterised in that be applied to network intrusion prevention
Equipment, described network intrusion prevention equipment sets up communication connection, described device with network log management server
Including:
Second message transmission module, updates prompting message for sending to described network log management server,
Wherein said renewal prompting message carries the version information of the first leak feature database;
Request receiver module, is used for receiving described network log management server and is sentencing according to described version information
The version the first leak feature database that breaks sends more than under the version news of local second leak feature database
Newly requested;
Storehouse sending module, for according to described more newly requested, sends the to described network log management server
One leak feature database.
13. devices according to claim 12, it is characterised in that described second message transmission module,
Including:
Second message sink submodule, is used for receiving described network log management server in described communication connection
The inquiry message sent in the case of initially setting up;
Second message sends submodule, for according to described inquiry message, to the management service of described network log
Device sends and updates prompting message.
14. devices according to claim 12, it is characterised in that described device also includes:
Second message reception module, is used for receiving described network log management server and is judging the first leak
Feature database and the second leak feature database version identical in the case of send feedback message.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510467498.7A CN105939310A (en) | 2015-07-31 | 2015-07-31 | File synchronization method and device based on multiple devices |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510467498.7A CN105939310A (en) | 2015-07-31 | 2015-07-31 | File synchronization method and device based on multiple devices |
Publications (1)
Publication Number | Publication Date |
---|---|
CN105939310A true CN105939310A (en) | 2016-09-14 |
Family
ID=57152740
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510467498.7A Pending CN105939310A (en) | 2015-07-31 | 2015-07-31 | File synchronization method and device based on multiple devices |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105939310A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108881463A (en) * | 2018-07-03 | 2018-11-23 | 佛山市影腾科技有限公司 | A kind of information comparison method and device |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050076245A1 (en) * | 2003-10-03 | 2005-04-07 | Enterasys Networks, Inc. | System and method for dynamic distribution of intrusion signatures |
CN101159539A (en) * | 2007-11-20 | 2008-04-09 | 中国人民解放军信息工程大学 | J2EE middleware criterion based tolerant inbreak application server and tolerant inbreak method |
CN101272254A (en) * | 2008-05-09 | 2008-09-24 | 华为技术有限公司 | Method for generating attack characteristic database, method for preventing network attack and device thereof |
CN101478429A (en) * | 2009-02-10 | 2009-07-08 | 杭州华三通信技术有限公司 | Method, system and equipment for version upgrade |
CN102217337A (en) * | 2011-05-13 | 2011-10-12 | 华为终端有限公司 | Method, apparatus and mobile terminal for updating service content of unstructured supplementary service data |
-
2015
- 2015-07-31 CN CN201510467498.7A patent/CN105939310A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050076245A1 (en) * | 2003-10-03 | 2005-04-07 | Enterasys Networks, Inc. | System and method for dynamic distribution of intrusion signatures |
CN101159539A (en) * | 2007-11-20 | 2008-04-09 | 中国人民解放军信息工程大学 | J2EE middleware criterion based tolerant inbreak application server and tolerant inbreak method |
CN101272254A (en) * | 2008-05-09 | 2008-09-24 | 华为技术有限公司 | Method for generating attack characteristic database, method for preventing network attack and device thereof |
CN101478429A (en) * | 2009-02-10 | 2009-07-08 | 杭州华三通信技术有限公司 | Method, system and equipment for version upgrade |
CN102217337A (en) * | 2011-05-13 | 2011-10-12 | 华为终端有限公司 | Method, apparatus and mobile terminal for updating service content of unstructured supplementary service data |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108881463A (en) * | 2018-07-03 | 2018-11-23 | 佛山市影腾科技有限公司 | A kind of information comparison method and device |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
KR102577139B1 (en) | Smart contract-based data processing methods, devices, and storage media | |
US10013318B2 (en) | Distributed event correlation system | |
EP3152869B1 (en) | Real-time model of states of monitored devices | |
US9602530B2 (en) | System and method for predicting impending cyber security events using multi channel behavioral analysis in a distributed computing environment | |
US8239951B2 (en) | System, method and computer readable medium for evaluating a security characteristic | |
CN112765245A (en) | Electronic government affair big data processing platform | |
CN104640092B (en) | Identify the method for refuse messages, client, cloud server and system | |
CN101626368A (en) | Device, method and system for preventing web page from being distorted | |
CA2660054A1 (en) | Real-time identification of an asset model and categorization of an asset to assist in computer network security | |
CN111614696A (en) | Network security emergency response method and system based on knowledge graph | |
CN106254353A (en) | The update method of IPS strategy and device | |
CN111510463B (en) | Abnormal behavior recognition system | |
CN110808839B (en) | Processing method, device, equipment and medium for block chain abnormal data | |
CN114208114B (en) | Multi-view security context per participant | |
CN109981587A (en) | A kind of network security monitoring traceability system based on APT attack | |
CN110138731A (en) | A kind of network anti-attack method based on big data | |
CN106209799A (en) | A kind of method, system and dynamic firewall realizing dynamic network protection | |
US8117181B2 (en) | System for notification of group membership changes in directory service | |
CN108011870B (en) | A kind of remote software online upgrading information automatic identification management method | |
CN105978908A (en) | Non-real-time information website security protection method and apparatus | |
CN104954462A (en) | High-concurrency extensible smart home communication method and high-concurrency extensible smart home communication system | |
CN105939310A (en) | File synchronization method and device based on multiple devices | |
CN114826790B (en) | Block chain monitoring method, device, equipment and storage medium | |
CN108259214B (en) | Configuration command management method, device and machine-readable storage medium | |
CN110958267B (en) | Method and system for monitoring threat behaviors in virtual network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information |
Address after: Binjiang District and Hangzhou city in Zhejiang Province Road 310051 No. 68 in the 6 storey building Applicant after: Hangzhou Dipu Polytron Technologies Inc Address before: Binjiang District and Hangzhou city in Zhejiang Province Road 310051 No. 68 in the 6 storey building Applicant before: Hangzhou Dipu Technology Co., Ltd. |
|
COR | Change of bibliographic data | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20160914 |