CN107342888A - Storage method and device for log messages - Google Patents


Info

Publication number: CN107342888A
Authority: CN (China)
Prior art keywords: classification information, log, information, classification, forwarding node
Legal status: Pending
Application number: CN201611099761.2A
Other languages: Chinese (zh)
Inventor: 李耀东
Current Assignee: Hangzhou DPTech Technologies Co Ltd
Original Assignee: Hangzhou DPTech Technologies Co Ltd
Application filed by Hangzhou DPTech Technologies Co Ltd
Priority to CN201611099761.2A
Publication of CN107342888A
Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00: Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06: Management of faults, events, alarms or notifications
    • H04L41/069: Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00: Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10: File systems; File servers
    • G06F16/18: File system types
    • G06F16/1805: Append-only file systems, e.g. using logs or journals to store data
    • G06F16/1815: Journaling file systems

Abstract

The present invention provides a storage method and device for log messages. The method includes: when a log message is received from a log source server, extracting first identification information from the log message based on the information type of at least one preset piece of first classification information, where the at least one piece of first classification information is used to subdivide log messages under the information type of the first classification information; when the first identification information successfully matches one piece of the at least one piece of first classification information, determining the storage location corresponding to that piece of first classification information as a first forwarding node and forwarding the log message to the first forwarding node; and when no second classification information exists, storing the log message in the first forwarding node, where the second classification information is the preset next classification information. Embodiments of the invention address the problem that log messages take up a large amount of storage and are difficult to query.

Description

Storage method and device for log messages
Technical field
The present invention relates to the field of network communication technology, and in particular to a storage method and device for log messages.
Background
With the rapid development of computer networks, the security of the network environment is becoming more and more important. Logs generated in the network usually need to be stored so that administrators can maintain the network environment based on the stored logs.
In the prior art, logs are stored as plain-text files; the storage volume is large and the logs are difficult to query.
Summary of the invention
In view of this, the present invention provides a storage method and device for log messages, to solve the problem that log messages take up a large amount of storage and are difficult to query.
To achieve the above object, the present invention provides the following technical solutions:
According to a first aspect of the invention, a storage method for log messages is proposed, the method including:
when a log message is received from a log source server, extracting first identification information from the log message based on the information type of at least one preset piece of first classification information, where the at least one piece of first classification information is used to subdivide log messages under the information type of the first classification information;
when the first identification information successfully matches one piece of the at least one piece of first classification information, determining the storage location corresponding to that piece of first classification information as a first forwarding node, and forwarding the log message to the first forwarding node;
when no second classification information exists, storing the log message in the first forwarding node, where the second classification information is the preset next classification information.
According to a second aspect of the invention, a storage device for log messages is proposed, including:
a first extraction module, configured to, when a log message is received from a log source server, extract first identification information from the log message based on the information type of at least one preset piece of first classification information, where the at least one piece of first classification information is used to subdivide log messages under the information type of the first classification information;
a first forwarding module, configured to, when the first identification information extracted by the first extraction module successfully matches one piece of the at least one piece of first classification information, determine the storage location corresponding to that piece of first classification information as a first forwarding node and forward the log message to the first forwarding node;
a first storage module, configured to, when no second classification information exists, store the log message in the first forwarding node determined by the first forwarding module, where the second classification information is the preset next classification information.
As can be seen from the above technical solutions, when the log server receives a log message from a log source server, it extracts first identification information from the log message based on the information type of at least one preset piece of first classification information. When the first identification information successfully matches one piece of the at least one piece of first classification information, the log server determines the storage location corresponding to that piece of first classification information as the first forwarding node. When no second classification information exists, the log server stores the log message in the first forwarding node. The log server thus subdivides log messages under the information type based on the at least one piece of first classification information and stores them accordingly, which makes it easy for administrators to manage logs by category and solves the problem that the log server's log messages take up a large amount of storage and are difficult to query.
Brief description of the drawings
Fig. 1 is a diagram of the network architecture to which the log message storage method provided by the invention applies;
Fig. 2 is a log storage structure diagram for the log message storage method provided by the invention;
Fig. 3 is a flowchart of an embodiment of the log message storage method provided by the invention;
Fig. 4 is a flowchart of another embodiment of the log message storage method provided by the invention;
Fig. 5 is a flowchart of a further embodiment of the log message storage method provided by the invention;
Fig. 6 is a hardware structure diagram of a network protection device provided by the invention;
Fig. 7 is a block diagram of an embodiment of the log message storage device provided by the invention;
Fig. 8 is a block diagram of another embodiment of the log message storage device provided by the invention.
Detailed description of the embodiments
Exemplary embodiments are described in detail here, and examples of them are shown in the accompanying drawings. Where the following description refers to the drawings, the same numerals in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the invention. Rather, they are merely examples of devices and methods consistent with some aspects of the invention as detailed in the appended claims.
The terminology used in the present invention is for the purpose of describing particular embodiments only and is not intended to limit the invention. The singular forms "a", "said" and "the" used in the invention and the appended claims are also intended to include the plural forms, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third and so on may be used in the present invention to describe various information, the information should not be limited by these terms. These terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of the invention, first information may also be called second information and, similarly, second information may also be called first information. Depending on the context, the word "if" as used here may be interpreted as "when", "upon" or "in response to determining".
Fig. 1 is a diagram of the network architecture to which the log message storage method provided by the invention applies. As shown in Fig. 1, the network architecture includes: client 11, router 12, internet 13, log server 14, firewall 15, firewall 16 and firewall 17. Client 11 is installed on a personal computer (PC); client 11 may also be installed on terminal devices such as mobile phones, tablet computers and smart watches. Log server 14 is a network device with log storage and log query functions; administrators can query logs and modify the relevant configuration of log server 14 through interactive software installed on log server 14. Firewall 15, firewall 16 and firewall 17 are log source servers. A log source server is a network device with a log upload function; firewalls 15, 16 and 17 are only examples of log source servers here, and a log source server can also be a network protection device, a router or any other network device that can generate logs.
Generally, firewall 15, firewall 16 and firewall 17 upload log messages carrying the log information of client 11 to log server 14. A log message can be a network address translation (NAT) log, an audit log, an intrusion prevention system (IPS) attack log, and so on. In one embodiment, log server 14 has preset at least one piece of first classification information. All of the first classification information has the same information type and is used to subdivide log messages under that information type, where the information types include: the IP address of the log source server (firewall 15, firewall 16, firewall 17); a time period (days); a time period (hours); and so on. Log server 14 extracts first identification information from the log message based on the information type of the first classification information. When the first identification information successfully matches one piece of the at least one piece of first classification information, log server 14 determines the storage location corresponding to that piece of first classification information as the first forwarding node and forwards the log message to the first forwarding node.
Take as an example the case where the information type of the first classification information is the IP address of the log source server. Log server 14 has preset three pieces of first classification information: the IP address 10.1.2.200 of firewall 15, the IP address 10.1.2.201 of firewall 16 and the IP address 10.1.2.202 of firewall 17. Log server 14 extracts first identification information from the log message, for example 10.1.2.200. The first identification information 10.1.2.200 successfully matches the first classification information 10.1.2.200, which indicates that the log message was uploaded by firewall 15. Log server 14 determines the storage location corresponding to the first classification information 10.1.2.200 as the first forwarding node and forwards the log message to it. When no second classification information exists, log server 14 stores the log message in the first forwarding node; the second classification information is the next classification information preset on log server 14. Those skilled in the art will understand that neither the number of different information types preset on log server 14 nor the number of pieces of classification information of the same information type is limited here. With this embodiment of the invention, log server 14 subdivides log messages under the information type based on the at least one piece of first classification information and stores them accordingly, which makes it easy for administrators to manage logs by category and solves the problem that the log messages on log server 14 take up a large amount of storage and are difficult to query.
Fig. 2 is a log storage structure diagram for the log message storage method provided by the invention. With reference to Fig. 1, the log storage structure shown in Fig. 2 is described using the example of a log server 14 that has preset three information types. As shown in Fig. 2, in one embodiment log server 14 has preset first classification information 21, first classification information 22 and first classification information 23. First classification information 21 corresponds to second classification information 211 and 212, first classification information 22 corresponds to second classification information 221 and 222, and first classification information 23 corresponds to second classification information 231 and 232. Second classification information 211 corresponds to third classification information 2111 and 2112, second classification information 212 to third classification information 2121 and 2122, second classification information 221 to third classification information 2211 and 2212, second classification information 222 to third classification information 2221 and 2222, second classification information 231 to third classification information 2311 and 2312, and second classification information 232 to third classification information 2321 and 2322.
For example, first classification information 21 is 10.1.2.200, first classification information 22 is 10.1.2.201 and first classification information 23 is 10.1.2.202. Second classification information 211 is 2016/11/29/AM, 212 is 2016/11/29/PM, 221 is 2016/11/29/AM, 222 is 2016/11/29/PM, 231 is 2016/11/29/AM and 232 is 2016/11/29/PM, where AM runs from 00:00:00 on November 29, 2016 to 12:00:00 noon on November 29, 2016, and PM runs from 12:00:00 noon on November 29, 2016 to 24:00:00 on November 29, 2016. Third classification information 2111 is the first 6 hours of AM, 2112 is the last 6 hours of AM, 2121 is the first 6 hours of PM, 2122 is the last 6 hours of PM, 2211 is the first 6 hours of AM, 2212 is the last 6 hours of AM, 2221 is the first 6 hours of PM, 2222 is the last 6 hours of PM, 2311 is the first 6 hours of AM, 2312 is the last 6 hours of AM, 2321 is the first 6 hours of PM and 2322 is the last 6 hours of PM. Here the first 6 hours of AM run from 00:00:00 to 06:00:00 on November 29, 2016, the last 6 hours of AM from 06:00:00 to 12:00:00 noon on November 29, 2016, the first 6 hours of PM from 12:00:00 noon to 18:00:00 on November 29, 2016, and the last 6 hours of PM from 18:00:00 to 24:00:00 on November 29, 2016.
For example, log server 14 parses a log message and obtains the first identification information 10.1.2.200 and the second identification information 2016/11/29/05:00:00 carried in it. The log message then passes through 10.1.2.200 of first classification information 21, 2016/11/29/AM of second classification information 211 and the first 6 hours of AM of third classification information 2111, and is finally stored in third classification information 2111. For how log server 14 stores the log message, refer to the description of the steps in the embodiments below; the details are not given here. Those skilled in the art will understand that the numbers of pieces of first, second and third classification information in the log storage structure shown in Fig. 2 are only examples and do not limit the invention.
To further describe the invention, the following embodiments are provided:
Fig. 3 is a flowchart of an embodiment of the log message storage method provided by the invention, described by way of example with reference to Fig. 1. As shown in Fig. 3, the method includes the following steps:
Step 301: When a log message is received from a log source server, extract first identification information from the log message based on the information type of at least one preset piece of first classification information, where the at least one piece of first classification information is used to subdivide log messages under the information type of the first classification information. When the first identification information successfully matches one piece of the at least one piece of first classification information, perform steps 302 and 303; when the first identification information fails to match every piece of the at least one piece of first classification information, perform step 304.
Step 302: Determine the storage location corresponding to the matched first classification information as the first forwarding node, and forward the log message to the first forwarding node.
Step 303: When no second classification information exists, store the log message in the first forwarding node, where the second classification information is the preset next classification information.
Step 304: Discard the log message.
In step 301, in one embodiment, log server 14 has preset at least one piece of first classification information. All of the first classification information has the same information type and is used to subdivide log messages under that information type, where the information types include: the IP address of the log source server (firewall 15, firewall 16, firewall 17); a time period (days); a time period (hours); and so on. Log server 14 extracts first identification information from the log message based on the information type of the first classification information. Take as an example the case where the information type of the first classification information is the IP address of the log source server: log server 14 has preset three pieces of first classification information, namely the IP address 10.1.2.200 of firewall 15, the IP address 10.1.2.201 of firewall 16 and the IP address 10.1.2.202 of firewall 17, and the first identification information that log server 14 extracts from the log message is, for example, 10.1.2.200, meaning that the log source server here is firewall 15.
When the first identification information successfully matches one piece of the at least one piece of first classification information, steps 302 and 303 are performed. For example, the first identification information 10.1.2.200 successfully matches the 10.1.2.200 stored in first classification information 21, which indicates that the log message was uploaded by firewall 15. When the first identification information fails to match every piece of the at least one piece of first classification information, step 304 is performed. Taking first identification information 10.1.2.209 as an example: 10.1.2.209 matches none of the 10.1.2.200 stored in first classification information 21, the 10.1.2.201 stored in first classification information 22 and the 10.1.2.202 stored in first classification information 23, so step 304 is performed.
In step 302, in one embodiment, log server 14 determines the storage location corresponding to the matched first classification information as the first forwarding node and forwards the log message to the first forwarding node. With reference to step 301 and Fig. 2, log server 14 determines the storage location corresponding to first classification information 21 as the first forwarding node and forwards the log message to it.
In step 303, in one embodiment, if log server 14 has not preset any second classification information, it stores the log message in the first forwarding node. With reference to step 302, this means that log server 14 stores the log message in the storage location corresponding to first classification information 21.
In step 304, in one embodiment, log server 14 discards the log message. The preset first classification information can therefore also provide a degree of security filtering.
In this embodiment of the invention, when the log server receives a log message from a log source server, it extracts first identification information from the log message based on the information type of at least one preset piece of first classification information. When the first identification information successfully matches one piece of the at least one piece of first classification information, the log server determines the storage location corresponding to that piece of first classification information as the first forwarding node. When no second classification information exists, the log server stores the log message in the first forwarding node. The log server thus subdivides log messages under the information type based on the at least one piece of first classification information and stores them accordingly, which makes it easy for administrators to manage logs by category and solves the problem that the log server's log messages take up a large amount of storage and are difficult to query.
Fig. 4 is a flowchart of another embodiment of the log message storage method provided by the invention. This embodiment is described by way of example with reference to Fig. 1 and Fig. 3. As shown in Fig. 4, the method includes the following steps:
Step 401: When a log message is received from a log source server, extract first identification information from the log message based on the information type of at least one preset piece of first classification information, where the at least one piece of first classification information is used to subdivide log messages under the information type of the first classification information.
Step 402: When the first identification information successfully matches one piece of the at least one piece of first classification information, determine the storage location corresponding to that piece of first classification information as the first forwarding node, and forward the log message to the first forwarding node.
Step 403: When no second classification information exists, parse the log message to obtain at least one piece of information to be stored, where the second classification information is the preset next classification information.
Step 404: Store the at least one piece of information to be stored in the first forwarding node.
For the description of steps 401 and 402, refer to steps 301 and 302 shown in Fig. 3; it is not repeated here.
In step 403, when log server 14 has not preset any second classification information, it parses the log message to obtain at least one piece of information to be stored. The information to be stored can be the information that administrators have configured, through the interactive software installed on log server 14, as needing to be stored. Specifically, taking a NAT log message as an example, the information to be stored is, for example: the IP address before NAT translation 10.1.1.10, the IP address after NAT translation 192.168.1.188, the destination IP address 202.169.1.10, the port number before NAT translation 80, the port number after NAT translation 84, the destination port number 86, the protocol number 2, and so on.
In step 404, log server 14 stores the at least one piece of information to be stored in the first forwarding node.
Those skilled in the art will understand that step 403 can also be performed before or after step 401 or step 402; that is, the point at which log server 14 parses the log message to obtain the at least one piece of information to be stored is not limited here.
In this embodiment of the invention, log server 14 parses the effective information to be stored out of the log message and stores only that information, so that log server 14 saves storage capacity when storing log messages.
Fig. 5 is a flowchart of a further embodiment of the log message storage method provided by the invention. This embodiment is described by way of example with reference to Fig. 1, Fig. 2 and Fig. 3. As shown in Fig. 5, the method includes the following steps:
Step 501: When second classification information exists, extract second identification information from the log message based on the information type of the second classification information. The first forwarding node corresponds to the storage location of at least one piece of second classification information, and the second classification information is used to subdivide log messages under the information type of the second classification information. When the second identification information successfully matches one piece of the at least one piece of second classification information, perform steps 502 and 503; when the second identification information fails to match every piece of the at least one piece of second classification information, perform steps 504 and 505.
Step 502: Determine the storage location corresponding to the matched second classification information as the second forwarding node, and forward the log message to the second forwarding node.
Step 503: When no third classification information exists, store the log message in the second forwarding node, where the third classification information is the preset next classification information.
Step 504: Create another piece of second classification information based on the second identification information, and determine the storage location corresponding to this other second classification information as the third forwarding node.
Step 505: Store the log message in the third forwarding node.
In step 501, when the second classification information be present, info class of the log server 14 based on the second classification information Type extracts the second identification information from daily record message, and the first forward node corresponds to the storage position of at least one second classification information Put, the second classification information is used to be finely divided daily record message under the information type of the second classification information.With reference to Fig. 2, with One classification information 21 is 10.1.2.200, the first classification information 22 is 10.1.2.201, the first classification information 23 is 10.1.2.202 and the second classification information 211 be 2016/11/29/AM, the second classification information 212 be 2016/11/29/PM, Second classification information 221 is 2016/11/29/AM, the second classification information 222 is 2016/11/29/PM, the second classification information 231 It is 2016/11/29/PM for 2016/11/29/AM, the second classification information 232, the second identification information is 2016/11/29/05: 00:It is illustrative exemplified by 00.The information type of second classification information is the cycle (12 hours), and log server 14 is from day The second identification information 2016/11/29/05 is extracted in will message:00:00, with reference to step 302, corresponding to the first classification information 21 Storage location is confirmed as the first forward node, corresponding second classification information 211 of the first forward node be 2016/11/29/AM, Second classification information 212 is 2016/11/29/PM, the 2016/11/29/AM and the second classification information of the second classification information 211 212 2016/11/29/PM is used for the second identification information 2016/11/29/05 to daily record message:00:00 among AM and PM It is finely divided.
When the second identification information successfully matches one piece of second classification information among the at least one piece of second classification information, steps 502-503 are performed. For example, the second identification information 2016/11/29/05:00:00 successfully matches the 2016/11/29/AM of second classification information 211, so steps 502-503 are performed. When the second identification information fails to match every piece of second classification information among the at least one piece of second classification information, steps 504-505 are performed. For example, the second identification information 2016/11/30/08:00:00 matches neither the 2016/11/29/AM of second classification information 211 nor the 2016/11/29/PM of second classification information 212, so steps 504-505 are performed.
In step 502, the log server 14 determines the storage location corresponding to the matched second classification information as the second forwarding node and forwards the log message to the second forwarding node. Taking the second identification information 2016/11/29/05:00:00 as an example, the log server 14 determines the storage location corresponding to the 2016/11/29/AM of second classification information 211 as the second forwarding node and forwards the log message to the second forwarding node.
In step 503, when no third classification information exists, the log server 14 stores the log message at the second forwarding node. The third classification information is the preset next-level classification information. Referring to Fig. 2, if third classification information 2111 does not exist in Fig. 2, the log server 14 stores the log message under second classification information 211.
In step 504, another piece of second classification information is established based on the second identification information, and the storage location corresponding to that other second classification information is determined as the third forwarding node. Taking the second identification information 2016/11/30/08:00:00 as an example, the log server 14 establishes another piece of second classification information based on the second identification information 2016/11/30/08:00:00 and determines the storage location corresponding to that other second classification information as the third forwarding node.
In step 505, the log server 14 stores the log message at the third forwarding node.
In this embodiment of the present invention, if second classification information exists, the log server 14 continues to subdivide the log message based on the second classification information; if the second classification information does not exist, the log server 14 establishes another piece of second classification information based on the second identification information and stores the log message at the third forwarding node. Because the log server 14 establishes the other second classification information from the second identification information, administrators no longer have to create second classification information manually, which improves the efficiency with which the log server 14 stores log messages.
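The routing of steps 501-505, together with the discard rule for a first identification information that matches no first classification information, is shown below as an added Python example (not code from the patent). The `LogStore` class, the `src`/`time`/`body` message fields, the in-memory tree standing in for storage locations, and the choice to discard a message whose timestamp cannot be parsed are all assumptions of this example; the sample messages are constructed.

```python
from datetime import datetime

# Timestamp layout of the second identification information used in the text.
TS_FORMAT = "%Y/%m/%d/%H:%M:%S"


def period_label(timestamp):
    """Map a timestamp to its 12-hour period label, e.g. 2016/11/29/AM."""
    # Parse strictly and build the label from the parsed value, so text taken
    # from the log message is never used directly as a storage key.
    parsed = datetime.strptime(timestamp, TS_FORMAT)
    return parsed.strftime("%Y/%m/%d/") + ("AM" if parsed.hour < 12 else "PM")


class LogStore:
    """Hypothetical two-level store: source address, then 12-hour period."""

    def __init__(self, sources, periods):
        # first classification information -> second classification
        # information -> messages stored at that node
        self.tree = {src: {p: [] for p in periods} for src in sources}
        self.discarded = []

    def store(self, message):
        """Route one message; return 'stored', 'created' or 'discarded'."""
        node = self.tree.get(message.get("src"))
        if node is None:
            # No first classification information matches: discard.
            self.discarded.append(message)
            return "discarded"
        try:
            label = period_label(message.get("time") or "")
        except (ValueError, TypeError):
            # Assumption of this example: the patent does not say what
            # happens when the identification information is malformed.
            self.discarded.append(message)
            return "discarded"
        if label in node:
            # Steps 502-503: a second classification information matches.
            node[label].append(message["body"])
            return "stored"
        # Steps 504-505: establish another second classification
        # information from the identification information, then store.
        node[label] = [message["body"]]
        return "created"


# Constructed sample messages (not taken from the patent).
SAMPLE_MESSAGES = [
    {"src": "10.1.2.200", "time": "2016/11/29/05:00:00", "body": "login ok"},
    {"src": "10.1.2.200", "time": "2016/11/30/08:00:00", "body": "config changed"},
    {"src": "10.9.9.9", "time": "2016/11/29/05:00:00", "body": "unlisted source"},
    {"src": "10.1.2.201", "time": "2016/13/40/99:00:00", "body": "bad timestamp"},
]


def run_sample():
    """Build the tree of Fig. 2 and route the constructed messages."""
    store = LogStore(
        ["10.1.2.200", "10.1.2.201", "10.1.2.202"],
        ["2016/11/29/AM", "2016/11/29/PM"],
    )
    return store, [store.store(m) for m in SAMPLE_MESSAGES]


if __name__ == "__main__":
    store, results = run_sample()
    print(results)
    print(sorted(store.tree["10.1.2.200"]))
```

Because the second-level category is created from a field of the message itself, the example derives the label from the parsed timestamp rather than from the raw string, which keeps a malformed field from becoming a storage location.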
Corresponding to the above log message storage method, the present invention also provides the hardware structure diagram of the log server shown in Fig. 6. Referring to Fig. 6, at the hardware level the log server includes a processor, an internal bus, a network interface, memory and non-volatile storage, and may of course also include hardware required by other services. The processor reads the corresponding computer program from the non-volatile storage into memory and then runs it, forming the log message storage apparatus at the logical level. Of course, besides a software implementation, the present invention does not exclude other implementations, such as logic devices or a combination of software and hardware; that is, the executing entity of the following processing flow is not limited to logic units and may also be hardware or a logic device.
Fig. 7 is a block diagram of an embodiment of a log message storage apparatus provided by the present invention. As shown in Fig. 7, the log message storage apparatus may include a first extraction module 71, a first forwarding module 72 and a first storage module 73, wherein:
The first extraction module 71 is configured to, when a log message is received from a log source server, extract first identification information from the log message based on the information type of at least one piece of preset first classification information, the at least one piece of first classification information being used to subdivide log messages under the information type of the first classification information;
The first forwarding module 72 is configured to, when the first identification information extracted by the first extraction module 71 successfully matches one piece of first classification information among the at least one piece of first classification information, determine the storage location corresponding to that first classification information as the first forwarding node and forward the log message to the first forwarding node;
The first storage module 73 is configured to, when no second classification information exists, store the log message at the first forwarding node determined by the first forwarding module 72, the second classification information being the preset next-level classification information.
Fig. 8 is a block diagram of another embodiment of a log message storage apparatus provided by the present invention. As shown in Fig. 8, on the basis of the embodiment shown in Fig. 7, the log message storage apparatus further includes:
A second extraction module 74, configured to, when second classification information exists, extract second identification information from the log message based on the information type of the second classification information, wherein the first forwarding node corresponds to the storage locations of at least one piece of second classification information and the second classification information is used to subdivide log messages under the information type of the second classification information;
A second forwarding module 75, configured to, when the second identification information extracted by the second extraction module 74 successfully matches one piece of second classification information among the at least one piece of second classification information, determine the storage location corresponding to that second classification information as the second forwarding node and forward the log message to the second forwarding node;
A second storage module 76, configured to, when no third classification information exists, store the log message at the second forwarding node determined by the second forwarding module 75, the third classification information being the preset next-level classification information.
In one embodiment, the log message storage apparatus further includes:
A classification information establishing module 77, configured to, when the second identification information extracted by the second extraction module 74 fails to match every piece of second classification information among the at least one piece of second classification information, establish another piece of second classification information based on the second identification information and determine the storage location corresponding to that other second classification information as the third forwarding node;
A third storage module 78, configured to store the log message at the third forwarding node determined by the classification information establishing module 77.
In one embodiment, the log message storage apparatus further includes:
A log message discarding module 79, configured to discard the log message when the first identification information extracted by the first extraction module 71 fails to match every piece of first classification information among the at least one piece of first classification information.
In one embodiment, when no second classification information exists, the first storage module 73 includes:
A parsing submodule 731, configured to parse the log message to obtain at least one piece of information to be stored;
A storage submodule 732, configured to store the at least one piece of information to be stored at the first forwarding node determined by the first forwarding module 72.
For the implementation of the functions and roles of each unit in the above apparatus, refer to the implementation of the corresponding steps in the above method; the details are not repeated here.
Because the apparatus embodiments essentially correspond to the method embodiments, refer to the description of the method embodiments for the relevant parts. The apparatus embodiments described above are merely illustrative: the units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units, that is, they may be located in one place or distributed across multiple network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present invention. Those of ordinary skill in the art can understand and implement it without creative effort.
As can be seen from the above embodiments, when the log server receives a log message from a log source server, the log server extracts first identification information from the log message based on the information type of at least one piece of preset first classification information. When the first identification information successfully matches one piece of first classification information among the at least one piece of first classification information, the log server determines the storage location corresponding to that first classification information as the first forwarding node. When no second classification information exists, the log server stores the log message at the first forwarding node. The log server thus subdivides log messages under the information type based on the at least one piece of first classification information and stores them accordingly, which makes it easy for administrators to manage logs by category and solves the problem that a log server is hard to query because it stores a large volume of log messages.
Other embodiments of the present invention will readily occur to those skilled in the art after considering the specification and practicing the invention disclosed herein. The present invention is intended to cover any variations, uses or adaptations of the invention that follow its general principles and include common knowledge or customary technical means in the art that are not disclosed herein. The description and embodiments are to be regarded as exemplary only, with the true scope and spirit of the invention indicated by the following claims.
It should also be noted that the terms "comprise", "include" and any other variants are intended to cover a non-exclusive inclusion, so that a process, method, commodity or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, commodity or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, commodity or device that includes the element.
The foregoing describes merely preferred embodiments of the present invention and is not intended to limit the invention. Any modification, equivalent substitution or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (10)

1. A log message storage method, characterized in that the method comprises:
when a log message is received from a log source server, extracting first identification information from the log message based on the information type of at least one piece of preset first classification information, the at least one piece of first classification information being used to subdivide the log message under the information type of the first classification information;
when the first identification information successfully matches one piece of first classification information among the at least one piece of first classification information, determining the storage location corresponding to that first classification information as a first forwarding node, and forwarding the log message to the first forwarding node;
when no second classification information exists, storing the log message at the first forwarding node, the second classification information being the preset next-level classification information.
2. The method according to claim 1, characterized in that the method further comprises:
when the second classification information exists, extracting second identification information from the log message based on the information type of the second classification information, wherein the first forwarding node corresponds to the storage locations of at least one piece of second classification information, and the second classification information is used to subdivide the log message under the information type of the second classification information;
when the second identification information successfully matches one piece of second classification information among the at least one piece of second classification information, determining the storage location corresponding to that second classification information as a second forwarding node, and forwarding the log message to the second forwarding node;
when no third classification information exists, storing the log message at the second forwarding node, the third classification information being the preset next-level classification information.
3. The method according to claim 2, characterized in that the method further comprises:
when the second identification information fails to match every piece of second classification information among the at least one piece of second classification information, establishing another piece of second classification information based on the second identification information, and determining the storage location corresponding to that other second classification information as a third forwarding node;
storing the log message at the third forwarding node.
4. The method according to claim 1, characterized in that the method further comprises:
when the first identification information fails to match every piece of first classification information among the at least one piece of first classification information, discarding the log message.
5. The method according to claim 1, characterized in that storing the log message at the first forwarding node comprises:
parsing the log message to obtain at least one piece of information to be stored;
storing the at least one piece of information to be stored at the first forwarding node.
6. A log message storage apparatus, characterized in that the apparatus comprises:
a first extraction module, configured to, when a log message is received from a log source server, extract first identification information from the log message based on the information type of at least one piece of preset first classification information, the at least one piece of first classification information being used to subdivide the log message under the information type of the first classification information;
a first forwarding module, configured to, when the first identification information extracted by the first extraction module successfully matches one piece of first classification information among the at least one piece of first classification information, determine the storage location corresponding to that first classification information as a first forwarding node and forward the log message to the first forwarding node;
a first storage module, configured to, when no second classification information exists, store the log message at the first forwarding node determined by the first forwarding module, the second classification information being the preset next-level classification information.
7. The apparatus according to claim 6, characterized in that the apparatus further comprises:
a second extraction module, configured to, when the second classification information exists, extract second identification information from the log message based on the information type of the second classification information, wherein the first forwarding node corresponds to the storage locations of at least one piece of second classification information, and the second classification information is used to subdivide the log message under the information type of the second classification information;
a second forwarding module, configured to, when the second identification information extracted by the second extraction module successfully matches one piece of second classification information among the at least one piece of second classification information, determine the storage location corresponding to that second classification information as a second forwarding node and forward the log message to the second forwarding node;
a second storage module, configured to, when no third classification information exists, store the log message at the second forwarding node determined by the second forwarding module, the third classification information being the preset next-level classification information.
8. The apparatus according to claim 6, characterized in that the apparatus further comprises:
a classification information establishing module, configured to, when the second identification information extracted by the second extraction module fails to match every piece of second classification information among the at least one piece of second classification information, establish another piece of second classification information based on the second identification information and determine the storage location corresponding to that other second classification information as a third forwarding node;
a third storage module, configured to store the log message at the third forwarding node determined by the classification information establishing module.
9. The apparatus according to claim 8, characterized in that the apparatus further comprises:
a log message discarding module, configured to discard the log message when the first identification information extracted by the first extraction module fails to match every piece of first classification information among the at least one piece of first classification information.
10. The apparatus according to claim 9, characterized in that, when no second classification information exists, the first storage module comprises:
a parsing submodule, configured to parse the log message to obtain at least one piece of information to be stored;
a storage submodule, configured to store the at least one piece of information to be stored at the first forwarding node determined by the first forwarding module.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611099761.2A CN107342888A (en) 2016-12-02 2016-12-02 The storage method and device of daily record message

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611099761.2A CN107342888A (en) 2016-12-02 2016-12-02 The storage method and device of daily record message

Publications (1)

Publication Number Publication Date
CN107342888A true CN107342888A (en) 2017-11-10

Family

ID=60222505

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611099761.2A Pending CN107342888A (en) 2016-12-02 2016-12-02 The storage method and device of daily record message

Country Status (1)

Country Link
CN (1) CN107342888A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20171110