CN106713049A - Alarm method and device of monitor - Google Patents
- Publication number
- CN106713049A CN201710064475.0A
- Authority
- CN
- China
- Prior art keywords
- alarm
- warning message
- log
- data server
- monitoring system
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/0631—Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/069—Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/0695—Management of faults, events, alarms or notifications the faulty arrangement being the maintenance, administration or management system
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides an alarm method and device for monitoring. The method comprises the following steps: receiving an alarm message; determining the classification field of the alarm message; writing the message content of the received alarm message into a target alarm log whose classification field content is the same, and incrementing the alarm count of the target alarm log by one; and sending an alarm to a client only for an alarm log whose alarm count reaches a threshold. With this technical scheme, an alarm identifier and a classification field are introduced into the monitoring system, alarm logs with the same classification field are merged, and an alarm is sent only when the accumulated alarm count reaches the preset threshold. When many abnormal conditions occur in the monitoring system, so that a large number of alarms would have to be sent and a large number of alarm logs saved, the method provided by the embodiments of the invention effectively reduces the number of alarms and the number of alarm logs while guaranteeing the normal operation of the monitoring system, and improves the efficiency with which administrators handle alarms.
Description
Technical field
The present application relates to the field of communication technology, and in particular to an alarm method and device for monitoring.
Background
With the accelerating construction of monitoring systems for public security, traffic police and the like, large numbers of monitoring probes are being deployed at scale throughout cities. The surge in the number of monitoring probes also keeps increasing the maintenance workload of the monitoring system, and being able to raise alarms promptly for problems that occur in the monitoring system is essential to the network security of the monitoring system.
In the prior art, once an abnormality occurs in the monitoring system, for example a device that does not belong to the monitoring system is connected without authorization or non-video traffic appears, the monitoring system sends an alarm prompting the administrator to handle the abnormality, and saves one alarm log for each alarm for the administrator to review. When many abnormalities occur in the monitoring system, for example when it is under malicious attack, the monitoring system sends a large number of alarms and saves a large number of alarm logs. Too many alarms and an excessively long list of alarm logs reduce the efficiency of alarm handling.
Summary of the invention
The embodiments of the present invention provide an alarm method and device for monitoring, to solve the problem that existing monitoring alarm techniques lead to low alarm-handling efficiency.
According to a first aspect of the embodiments of the present invention, an alarm method for monitoring is provided. The method is applied to the data server of a monitoring system. The data server receives alarm messages from the control management device of the monitoring system, and sends alarms and provides alarm logs to the client of the monitoring system. The alarm message contains an alarm identifier indicating the alarm type, and the data server holds the correspondence between alarm identifiers and classification fields. The method includes:
Receiving an alarm message;
Determining the classification field of the received alarm message according to the alarm identifier of the received alarm message and the correspondence between alarm identifiers and classification fields;
If a target alarm log exists among the alarm logs saved by the data server, writing the message content of the received alarm message into the target alarm log and incrementing the alarm count of the target alarm log by 1, where the target alarm log is an alarm log for which the field content of its corresponding classification field is the same as the field content of the classification field of the received alarm message;
If the alarm count of any alarm log in the data server reaches the threshold preset by the monitoring system, sending an alarm about that alarm log to the client.
According to a first aspect of the embodiments of the present invention, an alarm device for monitoring is provided. The device is applied to the data server of a monitoring system. The data server receives alarm messages from the control management device of the monitoring system, and sends alarms and provides alarm logs to the client of the monitoring system. The alarm message contains an alarm identifier indicating the alarm type, and the data server holds the correspondence between alarm identifiers and classification fields. The device includes:
A receiving unit, for receiving an alarm message;
A determining unit, for determining the classification field of the received alarm message according to the alarm identifier of the received alarm message and the correspondence between alarm identifiers and classification fields;
A writing unit, for writing the message content of the received alarm message into a target alarm log when a target alarm log exists among the alarm logs saved by the data server, where the target alarm log is an alarm log for which the field content of its corresponding classification field is the same as the field content of the classification field of the received alarm message;
An accumulating unit, for incrementing the alarm count of the target alarm log by 1 after the writing unit has written the message content of the received alarm message into the target alarm log;
A sending unit, for sending an alarm about an alarm log to the client when the alarm count of any alarm log in the data server reaches the threshold preset by the monitoring system.
As can be seen from the above technical solution, the embodiments of the present invention introduce an alarm identifier and a classification field into the monitoring system, merge and classify identical alarm logs in the data server, and send an alarm only when the alarm count has accumulated to a preset threshold. When many abnormalities occur in the monitoring system, so that a large number of alarms would have to be sent and a large number of alarm logs saved, the embodiments of the present invention can effectively reduce the number of alarms and the number of alarm logs while ensuring that the monitoring system works normally, improving the efficiency with which administrators handle alarms.
Brief description of the drawings
Fig. 1 is a schematic diagram of an application scenario of the monitoring alarm method of an embodiment of the present invention;
Fig. 2 is a flow chart of one embodiment of the monitoring alarm method of the present invention;
Fig. 3 is a flow chart of another embodiment of the monitoring alarm method of the present invention;
Fig. 4 is a hardware structure diagram of the equipment on which the monitoring alarm device of the present invention resides;
Fig. 5 is a block diagram of one embodiment of the monitoring alarm device of the present invention.
Detailed description
To help those skilled in the art better understand the technical solutions in the embodiments of the present invention, and to make the above objects, features and advantages of the embodiments more apparent, the technical solutions in the embodiments of the present invention are described in further detail below with reference to the accompanying drawings.
Refer to Fig. 1, which is a schematic diagram of an application scenario of the monitoring alarm method of an embodiment of the present invention.
As shown in Fig. 1, the application scenario is a video monitoring system that includes a data server, a client, a control management device and 8 cameras. The control management device is connected to the 8 cameras and to the data server respectively. When an abnormality occurs on the camera side (unauthorized connection, spoofing, appearance of non-video traffic, etc.), the control management device sends an alarm message to the data server; the data server generates an alarm log after processing the alarm message, and sends an alarm and provides the alarm log to the client connected to it.
In the prior art, once an abnormality occurs in the above video monitoring system, the data server sends an alarm prompting the administrator to handle the abnormality, and saves one alarm log for each alarm for the administrator to review. When many abnormalities occur in the video monitoring system, for example when it is under malicious attack, the video monitoring system sends a large number of alarms and saves a large number of alarm logs. Too many alarms and an excessively long list of alarm logs reduce the efficiency of alarm handling.
The embodiments of the present invention are described in detail below with reference to the application scenario shown in Fig. 1.
Refer to Fig. 2, which is a flow chart of one embodiment of the monitoring alarm method of the present invention. The embodiment is applied to the data server of a monitoring system. The data server receives alarm messages from the control management device of the monitoring system, and sends alarms and provides alarm logs to the client of the monitoring system. The alarm message contains an alarm identifier indicating the alarm type, and the data server holds the correspondence between alarm identifiers and classification fields. The method comprises the following steps:
Step 201: Receive an alarm message.
Step 202: Determine the classification field of the received alarm message according to the alarm identifier of the received alarm message and the correspondence between alarm identifiers and classification fields.
In an optional example, the alarm type of the received alarm message is determined according to the alarm identifier of the received alarm message and the correspondence between alarm identifiers and alarm types, and the alarm type is associated with the alarm log corresponding to the received alarm message. The correspondence between alarm identifiers and alarm types is pre-stored in the data server. The alarm types include: an IP alarm for failed source IP authentication, a MAC alarm for failed source MAC authentication, and a dynamic sensing alarm for failed destination port or protocol authentication.
Step 203: If a target alarm log exists among the alarm logs saved by the data server, write the message content of the received alarm message into the target alarm log and increment the alarm count of the target alarm log by 1. The target alarm log is an alarm log for which the field content of its corresponding classification field is the same as the field content of the classification field of the received alarm message.
In an optional example, if the field contents of the corresponding classification fields of all alarm logs in the data server differ from the field content of the classification field of the received alarm message, an alarm log is created for the received alarm message, and the alarm count of the created alarm log is recorded as 1.
Step 204: If the alarm count of any alarm log in the data server reaches the threshold preset by the monitoring system, send an alarm about that alarm log to the client.
In an optional example, different alarm levels may be associated with different alarm types, different source IPs, or different source MACs; if the alarm count of any alarm log in the data server reaches the threshold preset by the monitoring system, an alarm of the level corresponding to that alarm log is sent to the client.
In another optional example, if an alarm log deletion instruction is received from the client, the alarm log that the deletion instruction points to is deleted.
As can be seen from the above technical solution, the embodiments of the present invention introduce an alarm identifier and a classification field into the monitoring system, merge and classify identical alarm logs in the data server, and send an alarm only when the alarm count has accumulated to a preset threshold. When many abnormalities occur in the monitoring system, so that a large number of alarms would have to be sent and a large number of alarm logs saved, the embodiments of the present invention can effectively reduce the number of alarms and the number of alarm logs while ensuring that the monitoring system works normally, improving the efficiency with which administrators handle alarms.
Refer to Fig. 3, which is a flow chart of another embodiment of the monitoring alarm method of the present invention. This embodiment describes the alarm handling flow in detail from the side of the data server of a video monitoring system. The data server receives alarm messages from the control management device of the monitoring system, and sends alarms and provides alarm logs to the client of the monitoring system. The alarm message contains an alarm identifier indicating the alarm type, and the data server holds the correspondence between alarm identifiers and classification fields. The flow comprises the following steps:
Step 301: Receive an alarm message.
Step 302: Determine the classification field of the received alarm message according to the alarm identifier of the received alarm message and the correspondence between alarm identifiers and classification fields.
Step 303: Judge whether a target alarm log exists among the alarm logs saved by the data server; if so, perform step 305; otherwise, perform step 304.
The target alarm log is an alarm log for which the field content of its corresponding classification field is the same as the field content of the classification field of the received alarm message.
Step 304: Create an alarm log for the received alarm message, and record the alarm count of the created alarm log as 1.
In an optional example, the content of the alarm log may include: alarm type, source MAC, source and destination IP, source and destination port numbers, device IP, protocol type, incoming interface, terminal type, time, alarm count, region, specific geographic location, and so on.
Step 305: Write the message content of the received alarm message into the target alarm log, and increment the alarm count of the target alarm log by 1.
Step 306: Determine the alarm type of the received alarm message according to the alarm identifier of the received alarm message and the correspondence between alarm identifiers and alarm types, and associate the alarm type with the alarm log corresponding to the received alarm message.
In this step, the correspondence between alarm identifiers and alarm types may be pre-stored in the data server, and the alarm types may include: an IP alarm for failed source IP authentication, a MAC alarm for failed source MAC authentication, and a dynamic sensing alarm for failed destination port or protocol authentication.
Step 307: Judge whether the alarm count of the alarm log created in step 304, or of the target alarm log, reaches the preset threshold; if so, perform step 308; otherwise, perform step 309.
Step 308: According to the correspondence between different alarm types and different alarm levels, send to the client an alarm of the level corresponding to the alarm log that has reached the preset threshold.
In this step, the correspondence between different alarm types and different alarm levels is pre-stored in the data server, and the alarm levels can be divided into general, prompt and urgent.
In an optional example, different alarm levels may instead be associated with different source IPs or different source MACs.
In another optional mode, the alarm may also be sent to the administrator by e-mail or SMS. The SMS and e-mail can link to a page for viewing all log details, and the administrator can query alarm logs using log type, source MAC, source IP, destination IP, source port number, destination port number, device IP, protocol type, incoming interface, terminal type, time, alarm count, region, specific geographic location and so on as filter conditions.
Step 309: Prepare to receive the next alarm message.
In an optional example, if an alarm log deletion instruction is received from the client, the alarm log that the deletion instruction points to is deleted.
As can be seen from the above technical solution, on the one hand, the embodiments of the present invention introduce an alarm identifier and a classification field into the monitoring system, merge and classify identical alarm logs in the data server, and send an alarm only when the alarm count has accumulated to a preset threshold. When many abnormalities occur in the monitoring system, so that a large number of alarms would have to be sent and a large number of alarm logs saved, the embodiments of the present invention can effectively reduce the number of alarms and the number of alarm logs while ensuring that the monitoring system works normally, improving the efficiency with which administrators handle alarms. On the other hand, by associating different alarm levels with different alarm types, the embodiments of the present invention allow administrators to quickly give differentiated treatment to alarms of different urgency, further improving the efficiency with which administrators handle alarms.
The embodiments of the present invention are illustrated below through a specific application example, described in conjunction with the application scenario shown in Fig. 1. Assume that the correspondence among alarm identifier, classification field and alarm type, and the correspondence between alarm type and alarm level, saved in the data server are as shown in Table 1:
Table 1
Alarm identifier | Classification field | Alarm type | Alarm level |
1 | Source IP | IP alarm | General |
2 | Source MAC | MAC alarm | Prompt |
3 | Destination port and protocol | Dynamic sensing alarm | Urgent |
Assume that part of the content of the alarm logs saved in the data server is as shown in Table 2:
Table 2
Log sequence number | Classification field | Source IP | Source MAC | Alarm count | Alarm type | Alarm level |
01 | Source IP | 168.1.1.1 | 0000-0000-0001 | 4 | IP alarm | General |
02 | Source MAC | 168.1.1.2 | 0000-0000-0003 | 4 | MAC alarm | Prompt |
03 | Source IP | 1.8.1.1.6 | 0000-0000-0005 | 1 | IP alarm | General |
When the data server receives from the control management device alarm message-1, whose alarm identifier is 01, source IP is 168.1.1.1 and source MAC is 0000-0000-0011, the data server processes the alarm as follows:
According to the correspondence among alarm identifier, classification field and alarm type in Table 1, and the alarm identifier 01 of the received alarm message-1, it determines that the classification field of alarm message-1 is source IP and that the alarm type is IP alarm;
According to the correspondence between alarm type and alarm level in Table 1, and the IP alarm type of alarm message-1, it determines that the alarm level of alarm message-1 is general;
From Table 2 it determines that the classification field content of the alarm log with log sequence number 01 saved in the data server and the classification field content of alarm message-1 are both 168.1.1.1;
It writes the message content of alarm message-1 into the alarm log with log sequence number 01, and increments the alarm count of the alarm log with log sequence number 01 by 1;
It determines that the alarm count of the alarm log with log sequence number 01 reaches the preset alarm count threshold of 5, and sends the alarm log, whose alarm level is general, to the client by SMS and e-mail;
The handling flow for this alarm message ends here, and the data server waits to receive the next alarm message;
After a deletion instruction for the alarm log with log sequence number 01 is received from the client, the alarm log with log sequence number 01 is deleted.
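The Fig. 3 flow applied to the Table 1 and Table 2 application example, as an added Python example that is not code from the patent; it also runs a constructed flood of dynamic sensing alarms to show the merging effect. The message field names (`src_ip`, `src_mac`, `dst_port`, `protocol`), the in-memory store, the level names as rendered here, and the choice to notify only on the message that brings the count exactly to the threshold are assumptions of this example.

```python
from dataclasses import dataclass, field

# Table 1 of the page: alarm identifier -> (classification field(s), alarm type, alarm level).
# The field names used as keys of a message dict are assumptions of this example.
TABLE_1 = {
    1: (("src_ip",), "IP alarm", "General"),
    2: (("src_mac",), "MAC alarm", "Prompt"),
    3: (("dst_port", "protocol"), "Dynamic sensing alarm", "Urgent"),
}


@dataclass
class AlarmLog:
    seq: str                 # log sequence number, e.g. "01"
    class_fields: tuple      # which message field(s) this log is classified by
    class_value: tuple       # content of those field(s)
    alarm_type: str
    level: str
    count: int = 0
    messages: list = field(default_factory=list)


class DataServer:
    def __init__(self, threshold=5):
        self.threshold = threshold
        self.logs = {}       # (class_fields, class_value) -> AlarmLog
        self.sent = []       # alarms sent to the client
        self._seq = 0

    def receive(self, msg):
        """Steps 301-309: returns the alarm sent to the client, or None."""
        alarm_id = int(msg["alarm_id"])          # the page writes both 1 and 01
        if alarm_id not in TABLE_1:
            raise ValueError(f"unknown alarm identifier: {msg['alarm_id']!r}")
        fields, alarm_type, level = TABLE_1[alarm_id]        # steps 302 and 306
        key = (fields, tuple(msg[f] for f in fields))
        log = self.logs.get(key)                             # step 303
        if log is None:                                      # step 304
            self._seq += 1
            log = AlarmLog(f"{self._seq:02d}", fields, key[1], alarm_type, level)
            self.logs[key] = log
        log.messages.append(dict(msg))                       # step 305
        log.count += 1
        # Steps 307-308. Assumption: notify once, when the count reaches the
        # threshold exactly, so later messages for the same log stay silent.
        if log.count == self.threshold:
            note = {"log": log.seq, "type": log.alarm_type,
                    "level": log.level, "count": log.count}
            self.sent.append(note)
            return note
        return None

    def delete(self, seq):
        """Deletion instruction from the client; True if a log was removed."""
        for key, log in list(self.logs.items()):
            if log.seq == seq:
                del self.logs[key]
                return True
        return False


def page_example():
    """Rebuild Table 2 by replaying constructed messages, then send alarm message-1."""
    server = DataServer(threshold=5)
    for _ in range(4):
        server.receive({"alarm_id": 1, "src_ip": "168.1.1.1", "src_mac": "0000-0000-0001"})
    for _ in range(4):
        server.receive({"alarm_id": 2, "src_ip": "168.1.1.2", "src_mac": "0000-0000-0003"})
    server.receive({"alarm_id": 1, "src_ip": "1.8.1.1.6", "src_mac": "0000-0000-0005"})
    message_1 = {"alarm_id": "01", "src_ip": "168.1.1.1", "src_mac": "0000-0000-0011"}
    return server, server.receive(message_1)


def flood_example(n=1000):
    """Constructed flood: n dynamic sensing alarms from different source IPs."""
    server = DataServer(threshold=5)
    for i in range(n):
        server.receive({"alarm_id": 3, "src_ip": f"10.0.{i // 250}.{i % 250 + 1}",
                        "dst_port": 23, "protocol": "tcp"})
    return len(server.logs), len(server.sent), server.sent[0]["level"]


if __name__ == "__main__":
    server, note = page_example()
    print(note)
    print(server.delete("01"), sorted(log.seq for log in server.logs.values()))
    print(flood_example())
```

Alarm message-1 carries a different source MAC from the earlier messages in log 01 but is still merged into it, because only the classification field (source IP) is compared; the same property means a flood classified by destination port and protocol collapses many distinct sources into one log, so the per-message content written in step 305 is what preserves the individual sources.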
Corresponding to the foregoing embodiments of the monitoring alarm method, the present application also provides embodiments of a monitoring alarm device.
The embodiments of the monitoring alarm device of the present application can be applied on the data server of a monitoring system. The device embodiments can be implemented in software, or in hardware, or in a combination of software and hardware. Taking software implementation as an example, the device in a logical sense is formed by the processor of the equipment on which it resides reading the corresponding computer program instructions from non-volatile memory into memory and running them. At the hardware level, Fig. 4 shows a hardware structure diagram of the equipment on which the monitoring alarm device of the present application resides; in addition to the processor, memory, network interface and non-volatile memory shown in Fig. 4, the equipment on which the device of the embodiment resides may generally include other hardware according to the actual function of the equipment, which is not described further here.
Refer to Fig. 5, which is a block diagram of one embodiment of the monitoring alarm device of the present invention. The device is applied to the data server of a monitoring system. The data server receives alarm messages from the control management device of the monitoring system, and sends alarms and provides alarm logs to the client of the monitoring system. The alarm message contains an alarm identifier indicating the alarm type, and the data server holds the correspondence between alarm identifiers and classification fields. The device includes: a receiving unit 501, a determining unit 502, a writing unit 503, an accumulating unit 504 and a sending unit 505;
The receiving unit 501 is for receiving an alarm message;
The determining unit 502 is for determining the classification field of the received alarm message according to the alarm identifier of the received alarm message and the correspondence between alarm identifiers and classification fields;
The writing unit 503 is for writing the message content of the received alarm message into a target alarm log when a target alarm log exists among the alarm logs saved by the data server, where the target alarm log is an alarm log for which the field content of its corresponding classification field is the same as the field content of the classification field of the received alarm message;
The accumulating unit 504 is for incrementing the alarm count of the target alarm log by 1 after the writing unit 503 has written the message content of the received alarm message into the target alarm log;
The sending unit 505 is for sending an alarm about an alarm log to the client when the alarm count of any alarm log in the data server reaches the threshold preset by the monitoring system.
As can be seen from the above technical solution, the embodiments of the present invention introduce an alarm identifier and a classification field into the monitoring system, merge and classify identical alarm logs in the data server, and send an alarm only when the alarm count has accumulated to a preset threshold. When many abnormalities occur in the monitoring system, so that a large number of alarms would have to be sent and a large number of alarm logs saved, the embodiments of the present invention can effectively reduce the number of alarms and the number of alarm logs while ensuring that the monitoring system works normally, improving the efficiency with which administrators handle alarms.
In an optional example, the device also includes (not shown in Fig. 5): a creating unit 506 and a recording unit 507.
The creating unit 506 is for creating an alarm log for the received alarm message when the field contents of the corresponding classification fields of all alarm logs in the data server differ from the field content of the classification field of the received alarm message;
The recording unit 507 is for recording the alarm count of the created alarm log as 1 after the creating unit 506 has created an alarm log for the received alarm message.
In another optional example, the determining unit 502 is also for:
Determining the alarm type of the received alarm message according to the alarm identifier of the received alarm message and the correspondence between alarm identifiers and alarm types;
The device also includes (not shown in Fig. 5):
An associating unit 508, for associating the alarm type with the alarm log corresponding to the received alarm message after the determining unit 502 has determined the alarm type of the received alarm message. The correspondence between alarm identifiers and alarm types is pre-stored in the data server, and the alarm types include:
An IP alarm for failed source IP authentication, a MAC alarm for failed source MAC authentication, and a dynamic sensing alarm for failed destination port or protocol authentication.
In another optional example, the associating unit 508 is also for associating different alarm levels with:
Different alarm types, or,
Different source IPs, or,
Different source MACs;
The sending unit 505 is also for:
Sending to the client an alarm of the level corresponding to an alarm log when the alarm count of any alarm log in the data server reaches the threshold preset by the monitoring system.
In another optional example, the device also includes (not shown in Fig. 5): a deleting unit 509;
The deleting unit 509 is for deleting the alarm log that a deletion instruction points to after the receiving unit 501 has received an alarm log deletion instruction from the client.
As can be seen from the above technical solution, on the one hand, the embodiments of the present invention introduce an alarm identifier and a classification field into the monitoring system, merge and classify identical alarm logs in the data server, and send an alarm only when the alarm count has accumulated to a preset threshold. When many abnormalities occur in the monitoring system, so that a large number of alarms would have to be sent and a large number of alarm logs saved, the embodiments of the present invention can effectively reduce the number of alarms and the number of alarm logs while ensuring that the monitoring system works normally, improving the efficiency with which administrators handle alarms. On the other hand, by associating different alarm levels with different alarm types, the embodiments of the present invention allow administrators to quickly give differentiated treatment to alarms of different urgency, further improving the efficiency with which administrators handle alarms.
The function of unit and the implementation process of effect correspond to step in specifically referring to the above method in said apparatus
Implementation process, will not be repeated here.
Since the device embodiment basically corresponds to the method embodiment, refer to the description of the method embodiment for the relevant parts. The device embodiment described above is merely illustrative: the units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this application. A person of ordinary skill in the art can understand and implement it without creative effort.
The above are only preferred embodiments of this application and are not intended to limit it. Any modification, equivalent substitution, improvement and the like made within the spirit and principles of this application shall fall within the scope of protection of this application.
Claims (10)
1. A monitoring alarm method, characterized in that the method is applied to a data server of a monitoring system; the data server receives warning messages from a control management device of the monitoring system, sends alarms to a client of the monitoring system and provides alarm logs; wherein a warning message includes an alarm identifier indicating the alarm type, and the data server includes the correspondence between alarm identifiers and classification fields; the method comprises:
Receiving a warning message;
Determining the classification field of the received warning message according to the alarm identifier of the received warning message and the correspondence between alarm identifiers and classification fields;
If a target alarm log exists among the alarm logs saved by the data server, writing the message content of the received warning message into the target alarm log and incrementing the alarm count of the target alarm log by 1, the target alarm log being an alarm log whose field content for its corresponding classification field is identical to the field content of the classification field of the received warning message;
If the alarm count of any alarm log in the data server reaches the threshold preset by the monitoring system, sending an alarm about that alarm log to the client.
2. The method according to claim 1, characterized in that it further comprises:
If the field contents of the classification fields corresponding to all alarm logs in the data server all differ from the field content of the classification field of the received warning message, creating an alarm log for the received warning message and recording the alarm count of the created alarm log as 1.
3. method according to claim 1 and 2, it is characterised in that also include:
The corresponding relation of alarm identifier and alarm identifier and alarm type according to the warning message for being received, it is determined that being received
Warning message alarm type, and the alarm type is associated into alarm log corresponding to received warning message, the announcement
Alert mark is pre-stored in data server with the corresponding relation of alarm type, and the alarm type includes:
MAC alarms, destination interface or the protocol authentication that the IP that source IP certification does not pass through is alerted, source MAC certifications do not pass through do not pass through
Dynamic sensing alarm.
4. The method according to claim 3, characterized in that it further comprises:
Associating different alarm levels with different alarm types, or,
with different source IPs, or,
with different source MACs;
Wherein sending an alarm to the client if the alarm count of any alarm log in the data server reaches the threshold preset by the monitoring system comprises:
If the alarm count of any alarm log in the data server reaches the threshold preset by the monitoring system, sending to the client an alarm of the level corresponding to that alarm log.
5. The method according to claim 1, characterized in that it further comprises:
If an alarm log deletion instruction is received from the client, deleting the alarm log that the deletion instruction points to.
6. A monitoring alarm device, characterized in that the device is applied to a data server of a monitoring system; the data server receives warning messages from a control management device of the monitoring system, sends alarms to a client of the monitoring system and provides alarm logs; wherein a warning message includes an alarm identifier indicating the alarm type, and the data server includes the correspondence between alarm identifiers and classification fields; the device comprises:
A receiving unit, configured to receive a warning message;
A determining unit, configured to determine the classification field of the received warning message according to the alarm identifier of the received warning message and the correspondence between alarm identifiers and classification fields;
A writing unit, configured to write the message content of the received warning message into a target alarm log when the target alarm log exists among the alarm logs saved by the data server, the target alarm log being an alarm log whose field content for its corresponding classification field is identical to the field content of the classification field of the received warning message;
An accumulating unit, configured to increment the alarm count of the target alarm log by 1 after the writing unit writes the message content of the received warning message into the target alarm log;
A transmitting unit, configured to send an alarm about an alarm log to the client when the alarm count of any alarm log in the data server reaches the threshold preset by the monitoring system.
7. The device according to claim 6, characterized in that it further comprises:
A creating unit, configured to create an alarm log for the received warning message when the field contents of the classification fields corresponding to all alarm logs in the data server all differ from the field content of the classification field of the received warning message;
A recording unit, configured to record the alarm count of the created alarm log as 1 after the creating unit creates the alarm log for the received warning message.
8. The device according to claim 6 or 7, characterized in that the determining unit is further configured to:
Determine the alarm type of the received warning message according to the alarm identifier of the received warning message and the correspondence between alarm identifiers and alarm types;
The device further comprises:
An associating unit, configured to associate the alarm type with the alarm log corresponding to the received warning message after the determining unit determines the alarm type of the received warning message, the correspondence between alarm identifiers and alarm types being pre-stored in the data server; the alarm types include:
An IP alarm for failed source IP authentication, a MAC alarm for failed source MAC authentication, and a dynamic sensing alarm for failed destination port or protocol authentication.
9. The device according to claim 8, characterized in that the associating unit is further configured to:
Associate different alarm levels with different alarm types, or,
with different source IPs, or,
with different source MACs;
The transmitting unit is further configured to:
When the alarm count of any alarm log in the data server reaches the threshold preset by the monitoring system, send to the client an alarm of the level corresponding to that alarm log.
10. The device according to claim 6, characterized in that it further comprises:
A deleting unit, configured to delete the alarm log that a deletion instruction points to, after the receiving unit receives the alarm log deletion instruction from the client.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710064475.0A CN106713049B (en) | 2017-02-04 | 2017-02-04 | Monitoring alarm method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710064475.0A CN106713049B (en) | 2017-02-04 | 2017-02-04 | Monitoring alarm method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106713049A (en) | 2017-05-24 |
CN106713049B (en) | 2020-08-04 |
Family
ID=58910284
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710064475.0A Active CN106713049B (en) | 2017-02-04 | 2017-02-04 | Monitoring alarm method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106713049B (en) |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1523802A (en) * | 2003-09-05 | 2004-08-25 | 中兴通讯股份有限公司 | A method for preventing alarm storm in CDMA system |
CN101247269A (en) * | 2008-03-05 | 2008-08-20 | 中兴通讯股份有限公司 | Method for automatically discovering association rule for judging redundant alarm |
CN101345972A (en) * | 2008-08-26 | 2009-01-14 | 中国移动通信集团福建有限公司 | Network element alarming intelligent monitoring system |
CN101360313A (en) * | 2007-08-01 | 2009-02-04 | 中兴通讯股份有限公司 | Method for uploading alarm quantity information to network management system by network element management system |
CN102546216A (en) * | 2010-12-30 | 2012-07-04 | 中国移动通信集团山东有限公司 | Method for processing alarm messages in network management system and network management system |
US20130227589A1 (en) * | 2012-02-27 | 2013-08-29 | Hitachi, Ltd. | Monitoring system and monitoring program |
CN104537796A (en) * | 2014-12-17 | 2015-04-22 | 深圳市中科安防科技有限公司 | Alarm message processing system and method |
Cited By (24)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107171873A (en) * | 2017-07-21 | 2017-09-15 | 北京微影时代科技有限公司 | A kind of method and apparatus of Message Processing |
CN107707380A (en) * | 2017-07-31 | 2018-02-16 | 贵州白山云科技有限公司 | A kind of monitoring alarm method and apparatus |
CN109391496A (en) * | 2017-08-10 | 2019-02-26 | 大唐移动通信设备有限公司 | Alarm log method for uploading and device |
CN109039718B (en) * | 2018-07-19 | 2021-06-25 | 江苏满运软件科技有限公司 | Online service warning method and system |
CN109039718A (en) * | 2018-07-19 | 2018-12-18 | 江苏满运软件科技有限公司 | A kind of alarm method and system of online service |
CN109218102A (en) * | 2018-09-26 | 2019-01-15 | 江苏满运软件科技有限公司 | A kind of alarm monitoring method and system |
CN109361537A (en) * | 2018-10-10 | 2019-02-19 | 广东信通通信有限公司 | Network system monitoring method, device, computer equipment and storage medium |
CN109412852B (en) * | 2018-10-29 | 2022-05-03 | 京信网络系统股份有限公司 | Alarm method, alarm device, computer equipment and storage medium |
CN109412852A (en) * | 2018-10-29 | 2019-03-01 | 京信通信系统(中国)有限公司 | Alarm method, device, computer equipment and storage medium |
CN109450727A (en) * | 2018-11-01 | 2019-03-08 | 广州市百果园信息技术有限公司 | A kind of methods of exhibiting of network monitoring data, device, equipment and storage medium |
CN109194532A (en) * | 2018-11-07 | 2019-01-11 | 广东电网有限责任公司 | A kind of method for pushing and device of power grid warning information |
CN109412870B (en) * | 2018-12-10 | 2022-07-01 | 网宿科技股份有限公司 | Alarm monitoring method and platform, server and storage medium |
CN109412870A (en) * | 2018-12-10 | 2019-03-01 | 网宿科技股份有限公司 | Alarm monitoring method and platform, server, storage medium |
CN110191094A (en) * | 2019-04-26 | 2019-08-30 | 北京奇安信科技有限公司 | Monitoring method and device, storage medium, the terminal of abnormal data |
CN110598180A (en) * | 2019-08-30 | 2019-12-20 | 国家电网有限公司 | Event detection method, device and system based on statistical analysis |
CN110535702A (en) * | 2019-08-30 | 2019-12-03 | 北京神州绿盟信息安全科技股份有限公司 | A kind of alarm information processing method and device |
CN110535702B (en) * | 2019-08-30 | 2022-07-12 | 绿盟科技集团股份有限公司 | Alarm information processing method and device |
CN110598180B (en) * | 2019-08-30 | 2022-09-09 | 国家电网有限公司 | Event detection method, device and system based on statistical analysis |
CN111092758A (en) * | 2019-12-06 | 2020-05-01 | 上海上讯信息技术股份有限公司 | Method and device for reducing alarm and recovering false alarm and electronic equipment |
CN111740868A (en) * | 2020-07-07 | 2020-10-02 | 腾讯科技(深圳)有限公司 | Alarm data processing method and device and storage medium |
CN111740868B (en) * | 2020-07-07 | 2023-12-15 | 腾讯科技(深圳)有限公司 | Alarm data processing method and device and storage medium |
WO2022048671A1 (en) * | 2020-09-07 | 2022-03-10 | 华为技术有限公司 | Method and apparatus for event categorization |
CN112347057A (en) * | 2020-10-19 | 2021-02-09 | 云南电网有限责任公司 | Processing method for abnormal alarm analysis and handling of power dispatching information system |
CN113192331A (en) * | 2021-04-26 | 2021-07-30 | 吉林大学 | Intelligent early warning system and early warning method for riding safety in internet environment |
Also Published As
Publication number | Publication date |
---|---|
CN106713049B (en) | 2020-08-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106713049A (en) | Alarm method and device of monitor | |
US9686301B2 (en) | Method and system for virtual asset assisted extrusion and intrusion detection and threat scoring in a cloud computing environment | |
CN100448203C (en) | System and method for identifying and preventing malicious intrusions | |
US11882140B1 (en) | System and method for detecting repetitive cybersecurity attacks constituting an email campaign | |
US9264441B2 (en) | System and method for securing a network from zero-day vulnerability exploits | |
US8015604B1 (en) | Hierarchical architecture in a network security system | |
US9069954B2 (en) | Security threat detection associated with security events and an actor category model | |
US20130081065A1 (en) | Dynamic Multidimensional Schemas for Event Monitoring | |
CN110519150B (en) | Mail detection method, device, equipment, system and computer readable storage medium | |
EP2180660A1 (en) | Method and system for statistical analysis of botnets | |
US20220086173A1 (en) | Improving incident classification and enrichment by leveraging context from multiple security agents | |
US8195750B1 (en) | Method and system for tracking botnets | |
CN105376210A (en) | Account threat identification and defense method and system | |
CN110210213A (en) | The method and device of filtering fallacious sample, storage medium, electronic device | |
KR102160950B1 (en) | Data Distribution System and Its Method for Security Vulnerability Inspection | |
CN105959290A (en) | Detection method and device of attack message | |
CN106254353A (en) | The update method of IPS strategy and device | |
US20090300156A1 (en) | Methods And Systems For Managing Security In A Network | |
CN111859374B (en) | Method, device and system for detecting social engineering attack event | |
CN110149319A (en) | The method for tracing and device, storage medium, electronic device of APT tissue | |
US9027120B1 (en) | Hierarchical architecture in a network security system | |
CN116545678A (en) | Network security protection method, device, computer equipment and storage medium | |
CN113098852B (en) | Log processing method and device | |
CN110912869A (en) | Big data-based monitoring and reminding method | |
CN114124453B (en) | Processing method and device of network security information, electronic equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||