CN107612730A - A kind of log collection analysis method, device and system - Google Patents

A kind of log collection analysis method, device and system Download PDF

Info

Publication number
CN107612730A
CN107612730A CN201710840731.0A CN201710840731A CN107612730A CN 107612730 A CN107612730 A CN 107612730A CN 201710840731 A CN201710840731 A CN 201710840731A CN 107612730 A CN107612730 A CN 107612730A
Authority
CN
China
Prior art keywords
collected
journal file
service system
diary service
diary
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710840731.0A
Other languages
Chinese (zh)
Inventor
王洪添
杨宏林
朱斌
刘瑞慧
周立轲
李兴凯
王岗
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong Inspur Cloud Service Information Technology Co Ltd
Original Assignee
Shandong Inspur Cloud Service Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shandong Inspur Cloud Service Information Technology Co Ltd filed Critical Shandong Inspur Cloud Service Information Technology Co Ltd
Priority to CN201710840731.0A priority Critical patent/CN107612730A/en
Publication of CN107612730A publication Critical patent/CN107612730A/en
Pending legal-status Critical Current

Links

Landscapes

  • Debugging And Monitoring (AREA)

Abstract

The invention provides a kind of log collection analysis method, device and system, this method includes:Determine Log Types corresponding at least one diary service system to be collected and each described diary service system to be collected;According to Log Types corresponding to each identified described diary service system to be collected, the journal file of each diary service system to be collected is obtained;Each acquired journal file is parsed;By each described journal file filing after parsing to outside storage device;Each described journal file after filing is analyzed.Therefore, scheme provided by the invention can improve the efficiency of operation system O&M.

Description

A kind of log collection analysis method, device and system
Technical field
The present invention relates to field of computer technology, more particularly to a kind of log collection analysis method, device and system.
Background technology
In the day-to-day operation of operation system, can produce largely includes operation system major part service link running situation Daily record.Log collection analysis serves vital effect for diagnostic system service exception or failure.
At present, the method for log collection analysis is usually:Technical staff is by way of manually gathering from each business system Daily record is gathered in system, then each daily record of the technical staff again to collection is inquired about and analyzed, with diagnostic system business whether There is exception or failure.
But the service link in operation system becomes increasingly complex, caused business diary into magnanimity increase so that day The analysis work of will is more cumbersome.Therefore, existing mode, operation system O&M it is less efficient.
The content of the invention
The embodiments of the invention provide a kind of log collection analysis method, device and system, operation system can be improved The efficiency of O&M.
In a first aspect, the embodiments of the invention provide a kind of log collection analysis method, this method includes:
Determine corresponding at least one diary service system to be collected and each described diary service system to be collected Log Types;
According to Log Types corresponding to each identified described diary service system to be collected, obtain described in each The journal file of diary service system to be collected;
Each acquired journal file is parsed;
By each described journal file filing after parsing to outside storage device;
Each described journal file after filing is analyzed.
Preferably,
When Log Types corresponding to any one first diary service system to be collected are that middleware monitors Log Types,
Log Types corresponding to each described diary service system to be collected determined by the basis, obtain each The journal file of the diary service system to be collected, including:
Log Types are monitored according to middleware corresponding to the identified first diary service system to be collected, with described first Diary service system to be collected establishes connection by the communication protocol of the JSON forms based on HTTP HTTP;
Judge whether the state parameter of journal file to be collected corresponding to the described first diary service system to be collected reaches Default state value, if it is, by the communication protocol of the JSON forms based on HTTP from the journal file to be collected The middle journal file for obtaining the first diary service system to be collected;
Wherein, the state parameter includes accumulative write time or accumulative write-in data volume;
When the state parameter is the accumulative write time, the state value is time threshold;When the state parameter is During accumulative write-in data volume, the state value is data-quantity threshold.
Preferably,
When Log Types corresponding to any one second diary service system to be collected are unstructured Log Types,
Log Types corresponding to each described diary service system to be collected determined by the basis, obtain each The journal file of the diary service system to be collected, including:
According to unstructured Log Types corresponding to the identified second diary service system to be collected, treated with described second Diary service system is gathered to establish by FTP ftp communication protocols or secure file transportation protocol sftp communication protocols Connection;
Judge whether the quantity of journal file to be collected corresponding to the described second diary service system to be collected reaches default Amount threshold, if it is, being obtained by the ftp communication protocols or sftp communication protocols from the journal file to be collected The journal file of the second diary service system to be collected.
Preferably,
When Log Types corresponding to any one the 3rd diary service system to be collected are structuring daily record,
Log Types corresponding to each described diary service system to be collected determined by the basis, obtain each The journal file of the diary service system to be collected, including:
According to structuring Log Types corresponding to the identified 3rd diary service system to be collected, determine that journal file carries Rule is taken, wherein, the journal file extracting rule includes setting file format, setting time, setting data volume, setting character At least one of length, setting character title are a variety of;
According to daily record to be collected corresponding to the journal file extracting rule from the described 3rd diary service system to be collected The journal file of the described 3rd diary service system to be collected is obtained in file.
Preferably,
It is described that each acquired journal file is parsed, including:
Preset an at least keyword;
Each acquired described journal file is resolved to the journal file of string format;
According at least one keyword, the journal file of the string format to be parsed adds at least one target Keyword.
Preferably,
Each described journal file after described pair of filing is analyzed, including:
Judge whether each described journal file after filing meets analysis rule set in advance, if not, generation Warning message;
The analysis rule includes:Be not null value including content corresponding to the character string set in advance that reports an error, keyword, The generation time is that time set in advance, data volume are at least one of data volume set in advance or a variety of.
Preferably,
The warning message includes:It is any one in SMS alarm information, mail warning message and interface warning message Kind is a variety of.
Second aspect, the embodiments of the invention provide a kind of log collection analytical equipment, the device includes:
Determining unit, for determining at least one diary service system to be collected and each described daily record industry to be collected Log Types corresponding to business system;
Acquiring unit, it is corresponding for each described diary service system to be collected according to determined by the determining unit Log Types, obtain the journal file of each diary service system to be collected;
Resolution unit, for being parsed to each described journal file acquired in the acquiring unit;
Profiling unit, for each described journal file filing after the resolution unit is parsed to outside storage Equipment;
Analytic unit, analyzed for each described journal file after filing to the profiling unit.
Preferably,
When Log Types corresponding to any one first diary service system to be collected are that middleware monitors Log Types,
The acquiring unit, including:First establishes subelement and the first judgment sub-unit;
Described first establishes subelement, for the middleware corresponding to the first diary service system to be collected determined by Log Types are monitored, pass through the JSON forms based on HTTP HTTP with the described first diary service system to be collected Communication protocol establish connection;
First judgment sub-unit, for judging daily record to be collected corresponding to the described first diary service system to be collected Whether the state parameter of file reaches default state value, if it is, the communication protocols by the JSON forms based on HTTP View obtains the journal file of the described first diary service system to be collected from the journal file to be collected;Wherein, the shape State parameter includes accumulative write time or accumulative write-in data volume;When the state parameter is the accumulative write time, the shape State value is time threshold;When the state parameter is adds up write-in data volume, the state value is data-quantity threshold.
Preferably,
When Log Types corresponding to any one second diary service system to be collected are unstructured Log Types,
The acquiring unit, including:Second establishes subelement and the second judgment sub-unit;
Described second establishes subelement, for non-structural corresponding to the second diary service system to be collected determined by Change Log Types, pass through FTP ftp communication protocols or secure file with the described second diary service system to be collected Transportation protocol sftp communication protocols establish connection;
Second judgment sub-unit, for judging daily record to be collected corresponding to the described second diary service system to be collected Whether the quantity of file reaches default amount threshold, if it is, by the ftp communication protocols or sftp communication protocols from institute State the journal file that the described second diary service system to be collected is obtained in journal file to be collected.
Preferably,
When Log Types corresponding to any one the 3rd diary service system to be collected are structuring daily record,
The acquiring unit, including:Determination subelement and extraction subelement;
The determination subelement, for the structuring daily record corresponding to the 3rd diary service system to be collected determined by Type, determine journal file extracting rule, wherein, the journal file extracting rule include setting file format, setting time, Set at least one of data volume, setting character length, setting character title or a variety of;
The extraction subelement, for according to the journal file extracting rule from the described 3rd diary service system to be collected The journal file of the described 3rd diary service system to be collected is obtained in journal file to be collected corresponding to system.
Preferably,
The resolution unit, including:Parse subelement and addition subelement;
The setting subelement, for presetting an at least keyword;By each acquired daily record text Part resolves to the journal file of string format;
The addition subelement, for according at least one keyword, for the daily record of the string format parsed File adds at least one target keywords.
Preferably,
The analytic unit, for judging whether each described journal file after filing meets analysis set in advance Rule, if not, generation warning message;Wherein, the analysis rule includes:Do not include the character string set in advance that reports an error, close It null value, generation time is that time set in advance, data volume are in data volume set in advance that content corresponding to key word, which is not, It is at least one or more of.
The third aspect, the embodiments of the invention provide a kind of log collection analysis system, the system includes:
Any of the above-described described log collection analytical equipment, storage device and at least one diary service system to be collected System;
Each described diary service system to be collected, for obtaining journal file in the log collection analytical equipment When, provide journal file for the log collection analytical equipment;
The storage device, for filing each described journal file after the log collection analytical equipment parses.
The embodiments of the invention provide a kind of log collection analysis method, device and system, it is first determined each to wait to adopt Collect daily record operation system, and determine Log Types corresponding to each diary service system to be collected.Then wait to adopt according to each Collect Log Types corresponding to daily record operation system, each diary service system to be collected is obtained using method corresponding with Log Types The journal file of system.After the completion for the treatment of that journal file obtains, each journal file of acquisition is parsed, and will be each after parsing Individual journal file filing is into storage device.Then each journal file after filing is analyzed, with according to journal file Understand the running situation of each diary service system to be collected., can be according to each to be collected in this programme by above-mentioned Log Types corresponding to diary service system obtain journal file, and each journal file is parsed, filed and analyzed Operation.To understand the running situation of each diary service system to be collected in time according to journal file.Therefore, the embodiment of the present invention The scheme of offer can improve the efficiency of operation system O&M.
Brief description of the drawings
In order to illustrate more clearly about the embodiment of the present invention or technical scheme of the prior art, below will be to embodiment or existing There is the required accompanying drawing used in technology description to be briefly described, it should be apparent that, drawings in the following description are the present invention Some embodiments, for those of ordinary skill in the art, on the premise of not paying creative work, can also basis These accompanying drawings obtain other accompanying drawings.
Fig. 1 is a kind of flow chart for log collection analysis method that one embodiment of the invention provides;
Fig. 2 is a kind of flow chart for log collection analysis method that another embodiment of the present invention provides;
Fig. 3 is a kind of hardware configuration of equipment where a kind of log collection analytical equipment that one embodiment of the invention provides Figure;
Fig. 4 is a kind of structural representation for log collection analytical equipment that one embodiment of the invention provides;
Fig. 5 is a kind of day that subelement and the first judgment sub-unit are established including first that one embodiment of the invention provides The structural representation of will acquisition and analysis device;
Fig. 6 is a kind of day that subelement and the second judgment sub-unit are established including second that one embodiment of the invention provides The structural representation of will acquisition and analysis device;
Fig. 7 is a kind of log collection point including determination subelement and extraction subelement that one embodiment of the invention provides The structural representation of analysis apparatus;
Fig. 8 is a kind of log collection point including parsing subelement and addition subelement that one embodiment of the invention provides The structural representation of analysis apparatus;
Fig. 9 is a kind of structural representation for log collection analysis system that one embodiment of the invention provides.
Embodiment
To make the purpose, technical scheme and advantage of the embodiment of the present invention clearer, below in conjunction with the embodiment of the present invention In accompanying drawing, the technical scheme in the embodiment of the present invention is clearly and completely described, it is clear that described embodiment is Part of the embodiment of the present invention, rather than whole embodiments, based on the embodiment in the present invention, those of ordinary skill in the art The every other embodiment obtained on the premise of creative work is not made, belongs to the scope of protection of the invention.
As shown in figure 1, the embodiments of the invention provide a kind of log collection analysis method, this method can include following step Suddenly:
Step 101:Determine at least one diary service system to be collected and each described diary service system to be collected Log Types corresponding to system;
Step 102:According to Log Types corresponding to each identified described diary service system to be collected, obtain every The journal file of one diary service system to be collected;
Step 103:Each acquired journal file is parsed;
Step 104:By each described journal file filing after parsing to outside storage device;
Step 105:Each described journal file after filing is analyzed.
Embodiment according to Fig. 1, it is first determined each diary service system to be collected, and determine that each is to be collected Log Types corresponding to diary service system.Then the Log Types according to corresponding to each diary service system to be collected, use Method corresponding with Log Types obtains the journal file of each diary service system to be collected.Treat that journal file obtains to complete Afterwards, each journal file of acquisition is parsed, and each journal file after parsing is filed into storage device.Then Each journal file after filing is analyzed, to understand the operation of each diary service system to be collected according to journal file Situation.By above-mentioned, day can be obtained by Log Types according to corresponding to each diary service system to be collected in this programme Will file, and each journal file is parsed, filed and analysis operation.To understand each treat in time according to journal file Gather the running situation of diary service system.Therefore, scheme provided in an embodiment of the present invention can improve operation system O&M Efficiency.
In an embodiment of the invention, the quantity of diary service system to be collected and pattern can be wanted according to business Ask determination.For example diary service system to be collected can be E-Government operation system.
In an embodiment of the invention, Log Types corresponding to a diary service system to be collected can be it is a kind of or It is a variety of.
In an embodiment of the invention, when Log Types difference, the method for obtaining journal file also can be different.Daily record Type at least has following three kinds:
Type one:Middleware monitors Log Types;
Type two:Unstructured Log Types;
Type three:Structuring Log Types.
It is directed to above-mentioned type one:
In an embodiment of the invention, during Log Types corresponding to any one first diary service system to be collected are Between part monitoring Log Types when,
Step 102 in flow chart shown in above-mentioned Fig. 1 is according to each identified described diary service system to be collected Corresponding Log Types, the journal file of each diary service system to be collected is obtained, can be included:
Log Types are monitored according to middleware corresponding to the identified first diary service system to be collected, with described first Diary service system to be collected establishes connection by the communication protocol of the JSON forms based on HTTP HTTP;
Judge whether the state parameter of journal file to be collected corresponding to the described first diary service system to be collected reaches Default state value, if it is, by the communication protocol of the JSON forms based on HTTP from the journal file to be collected The middle journal file for obtaining the first diary service system to be collected;
Wherein, the state parameter includes accumulative write time or accumulative write-in data volume;
When the state parameter is the accumulative write time, the state value is time threshold;When the state parameter is During accumulative write-in data volume, the state value is data-quantity threshold.
In the present embodiment, the journal file of middleware monitoring Log Types, it is to be produced in diary service system to be collected The data that not recorded the real-time status in database or text.
In the present embodiment, the communication protocol for passing through the JSON forms based on HTTP with the first diary service system to be collected When establishing connection completion, journal file can be obtained by the program of the communication protocol of JSON form of the arrangement based on HTTP. Wherein, program can be the open source projects jolokia of remote management.Because the communication protocol of the JSON forms based on HTTP is not required to Remote port is opened, is directly disposed, and the function with batch operation, therefore that applies more facilitates.
In the present embodiment, when state parameter is the accumulative write time, state value is time threshold.For example treat when first When accumulative write time of journal file to be collected corresponding to collection diary service system reaches time threshold, then by based on The communication protocol of HTTP JSON forms obtains the daily record text of the first diary service system to be collected from journal file to be collected Part.Wherein, time threshold can determine according to business need.It should be noted that default time threshold is unsuitable excessive, avoid It is excessive to there is the data volume that acquisition journal file includes.
In the present embodiment, when state parameter is adds up write-in data volume, state value is data-quantity threshold.Such as when When the accumulative write-in data volume of journal file to be collected reaches data-quantity threshold corresponding to one diary service system to be collected, then lead to The communication protocol for crossing the JSON forms based on HTTP obtains the first diary service system to be collected from journal file to be collected Journal file.Wherein, data-quantity threshold can determine according to business need.It should be noted that default data-quantity threshold is not It is preferably excessive, avoid the occurrence of because data volume causes to obtain the slower situation of journal file greatly.
It is directed to above-mentioned type two:
In an embodiment of the invention, Log Types corresponding to any one second diary service system to be collected are non- During structuring Log Types,
Step 102 in flow chart shown in above-mentioned Fig. 1 is according to each identified described diary service system to be collected Corresponding Log Types, the journal file of each diary service system to be collected is obtained, can be included:
According to unstructured Log Types corresponding to the identified second diary service system to be collected, treated with described second Diary service system is gathered to establish by FTP ftp communication protocols or secure file transportation protocol sftp communication protocols Connection;
Judge whether the quantity of journal file to be collected corresponding to the described second diary service system to be collected reaches default Amount threshold, if it is, being obtained by the ftp communication protocols or sftp communication protocols from the journal file to be collected The journal file of the second diary service system to be collected.
In the present embodiment, the journal file of unstructured Log Types, it is caused by diary service system to be collected It recorded the unstructured data of the file system such as text.The journal file to be collected of unstructured Log Types is recorded in number According in storehouse, and each journal file to be collected is respectively provided with the size of setting.
In the present embodiment, amount threshold can determine according to business need.It should be noted that in quantification threshold value Size when, it is necessary to consider the size of data volume, avoid the occurrence of because data volume is excessive, cause to occur journal file obtain it is slower Situation.
It is directed to above-mentioned type three:
In an embodiment of the invention, Log Types corresponding to any one the 3rd diary service system to be collected are knot During structure daily record,
Step 102 in flow chart shown in above-mentioned Fig. 1 is according to each identified described diary service system to be collected Corresponding Log Types, the journal file of each diary service system to be collected is obtained, can be included:
According to structuring Log Types corresponding to the identified 3rd diary service system to be collected, determine that journal file carries Rule is taken, wherein, the journal file extracting rule includes setting file format, setting time, setting data volume, setting character At least one of length, setting character title are a variety of;
According to daily record to be collected corresponding to the journal file extracting rule from the described 3rd diary service system to be collected The journal file of the described 3rd diary service system to be collected is obtained in file.
In the present embodiment, the journal file of structuring Log Types, it is caused note in diary service system to be collected Record the structural data of database storage location.Structural data is come logical expression and the number realized by bivariate table structure According to strictly following the data of data format and length specification.Therefore when needs obtain the daily record of needs from structural data During file, it is necessary to set corresponding journal file extracting rule just to extract journal file.
In the present embodiment, journal file extracting rule can determine according to business need.Journal file extracting rule can With including at least one of setting file format, setting time, setting data volume, setting character length, setting character title It is or a variety of.
When extracting rule includes setting file format in journal file, then from the 3rd diary service system pair to be collected The journal file of setting file format is obtained in the journal file to be collected answered.Such as when setting file format as JSON forms When, then from journal file to be collected corresponding to the 3rd diary service system to be collected obtain JSON forms journal file.
When extracting rule includes setting time in journal file, then from corresponding to the 3rd diary service system to be collected The journal file that the generation time is setting time is obtained in journal file to be collected.Such as when setting time is 20:When 00, then It is 20 that the generation time is obtained from journal file to be collected corresponding to the 3rd diary service system to be collected:00 journal file.
It is when extracting rule includes setting data volume in journal file, then corresponding from the 3rd diary service system to be collected Journal file to be collected in obtain data volume for setting data volume journal file.Such as when setting data volume as 10G, The journal file that data volume is 10G is then obtained from journal file to be collected corresponding to the 3rd diary service system to be collected.
When extracting rule includes setting character length in journal file, then from the 3rd diary service system pair to be collected Journal file of the character length for setting character length is obtained in the journal file to be collected answered.Such as when setting character length For 10 when, then from journal file to be collected corresponding to the 3rd diary service system to be collected obtain character length be 10 daily record File.
When extracting rule includes setting character title in journal file, then from the 3rd diary service system pair to be collected The journal file of the entitled setting character title of character is obtained in the journal file to be collected answered.Such as when setting character title For S when, then character entitled S daily record text is obtained from journal file to be collected corresponding to the 3rd diary service system to be collected Part.
According to above-described embodiment, when diary service system to be collected corresponds to different Log Types, using different methods Remove to obtain the journal file of diary service system to be collected.Due to going to obtain daily record text using method corresponding with Log Types Part, therefore the accuracy of the journal file obtained is higher.
In an embodiment of the invention, the step 103 in above-mentioned embodiment illustrated in fig. 1 is to described in each acquired Journal file is parsed, and can be included:
Preset an at least keyword;
Each acquired described journal file is resolved to the journal file of string format;
According at least one keyword, the journal file of the string format to be parsed adds at least one target Keyword.
In the present embodiment, at least one keyword can determine according to business need.For example can be time, mark At least one of ID, operator, operating time, IP address, function title, operational instances, action type, implementing result or more Kind.
In the present embodiment, each journal file of acquisition is converted into character according to the string segmentation rule of setting The journal file of string format.Wherein, string segmentation rule can at least include any one in following three kinds:The first, Split according to space;Second:Split according to default symbol;The third:Carried out according to default character quantity Segmentation.
In the present embodiment, after treating that each acquired journal file resolves to the journal file of string format, Each keyword is compared with the journal file of each string format, when it is determined that current keyword and character string lattice When any character string in the journal file of formula matches, it is target keywords to determine current keyword, and is string format Journal file addition target keywords.
According to above-described embodiment, each acquired journal file is resolved to the journal file of string format, and It is that the journal file of each string format adds target keywords according to advance keyword.To cause journal file more What is added is clear, so as to improve the accuracy rate of log file analysis.
In an embodiment of the invention, storage device involved in step 104 in flow chart shown in above-mentioned Fig. 1 can be with For distributed file system.When using distributed file system, the security of the journal file storage of filing is higher, and handles Efficiency is higher.
In the present embodiment, each journal file can be deposited according to corresponding diary service system progress subregion to be collected Storage, each diary service system to be collected are respectively provided with corresponding subregion, in order to be managed to each journal file, avoided Obscure.
In an embodiment of the invention, the step 105 in above-mentioned embodiment illustrated in fig. 1 is to described in each after filing Journal file is analyzed, and can be included:
Judge whether each described journal file after filing meets analysis rule set in advance, if not, generation Warning message;
The analysis rule includes:Be not null value including content corresponding to the character string set in advance that reports an error, keyword, The generation time is that time set in advance, data volume are at least one of data volume set in advance or a variety of.
In the present embodiment, analysis rule can determine according to business need.When analysis rule includes setting in advance It is fixed report an error character string when, judge whether each described journal file does not include the character string set in advance that reports an error, if it is, Illustrating journal file, there is no problem, otherwise, illustrates journal file exception, then generates warning message, should with informing business personnel Diary service system operation to be collected is abnormal corresponding to journal file.
When analysis rule is not null value including content corresponding to keyword, judge whether each described journal file closes Content corresponding to key word is not null value, if it is, there is no problem for explanation journal file, otherwise, illustrates journal file exception, then Warning message is generated, with informing business personnel, diary service system operation to be collected is abnormal corresponding to the journal file.
When it is the time set in advance that analysis rule, which includes the generation time, judge whether each described journal file gives birth to It is the time set in advance into the time, if it is, there is no problem for explanation journal file, otherwise, illustrates journal file exception, then Warning message is generated, with informing business personnel, diary service system operation to be collected is abnormal corresponding to the journal file.
When it is the time set in advance that analysis rule, which includes the generation time, judge whether each described journal file counts It is data volume set in advance according to amount, if it is, there is no problem for explanation journal file, otherwise, illustrates journal file exception, then Warning message is generated, with informing business personnel, diary service system operation to be collected is abnormal corresponding to the journal file.
In the present embodiment, journal file title, abnormal data and journal file can be included in warning message to correspond to Diary service systematic name to be collected.
According to above-described embodiment, judge whether each journal file after filing meets analysis rule set in advance. When the journal file after judging filing does not meet analysis rule set in advance, warning message is generated, with informing business people Diary service system operation to be collected corresponding to member's journal file is abnormal, abnormal to exclude in time, ensures daily record industry to be collected Business system normal operation.
In an embodiment of the invention, the warning message includes:SMS alarm information, mail warning message and boundary Any one or more in the warning message of face.
In the present embodiment, the specific pattern of warning message can determine according to business need.When warning message is including short When believing warning message, short message bag is generated according to the information for not meeting analysis rule judged, and short message bag is sent to specified Mobile phone, with notify mobile phone user of service according to short message carry out abnormality processing.When warning message includes mail warning message, root It is judged that the information for the not meeting analysis rule generation mail gone out, and mail is sent in the client's mailbox specified, with notice Client's mailbox user of service carries out abnormality processing according to mail.When warning message includes interface warning message, according to judging The information for not meeting analysis rule generation interface information, and the terminal used in business personnel is hit by a bullet out interface information, with logical Person in charge of reception at ceremonies family mailbox user of service carries out abnormality processing according to interface information.
According to above-described embodiment, the specific pattern of warning message can determine according to business need.Short message report can be selected Warn any one or more in information, mail warning message and interface warning message.Therefore the business of warning message is applicable Property is stronger.
Below exemplified by it diary service system 1 to be collected and diary service system 2 to be collected be present.Expansion explanation daily record Capturing analysis method, as shown in Fig. 2 the log collection analysis method may include steps of:
Step 201:Determine at least one diary service system to be collected and each diary service system pair to be collected The Log Types answered.
In this step, determine Log Types corresponding to diary service system 1 to be collected for middleware monitor Log Types, Log Types corresponding to diary service system 2 to be collected are structuring Log Types.
Step 202:Determine Log Types corresponding to each diary service system to be collected;When diary service system to be collected When Log Types corresponding to system are that middleware monitors Log Types, step 203 is performed;When corresponding to diary service system to be collected When Log Types are unstructured Log Types, step 208 is performed;When Log Types corresponding to diary service system to be collected are During structuring daily record, step 213 is performed.
In this step, Log Types corresponding to diary service system 1 to be collected are that middleware monitors Log Types execution Step 203;Log Types corresponding to diary service system 2 to be collected are that structuring Log Types perform step 213.
Step 203:Each diary service system to be collected with middleware monitoring Log Types based on hypertext by being passed The communication protocol of defeated agreement HTTP JSON forms establishes connection.
In this step, established with diary service system 1 to be collected by the communication protocol of the JSON forms based on HTTP When connection is completed, journal file can be obtained by the program of the communication protocol of JSON form of the arrangement based on HTTP.
Step 204:Selection one is waited to adopt in the diary service system to be collected of each middle monitoring Log Types successively Collect daily record operation system as current diary service system to be collected.
Step 205:Whether the state parameter of journal file to be collected corresponding to the current diary service system to be collected of judgement Reach default state value, if it is, performing step 206;Otherwise, this step is continued executing with.
In this step, state parameter is the accumulative write time, and state value is time threshold.Judge diary service to be collected The accumulative write time of journal file to be collected corresponding to system 1 reaches time threshold, performs step 206.
Step 206:Obtained from journal file to be collected by the communication protocol of the JSON forms based on HTTP and currently treated Gather the journal file of diary service system.
Step 207:Judge whether current diary service system to be collected is that treating for Log Types is monitored among last Diary service system is gathered, if it is, performing step 217;Otherwise, step 204 is performed.
Step 208:Pass through FTP ftp with the diary service system to be collected of each unstructured Log Types Communication protocol establishes connection.
Step 209:One is selected in the diary service system to be collected of each unstructured Log Types successively to wait to adopt Collect daily record operation system as current diary service system to be collected.
Step 210:Judge whether the quantity of journal file to be collected corresponding to current diary service system to be collected reaches Default amount threshold, if it is, performing step 211;Otherwise, this step is continued executing with.
Step 211:Current diary service system to be collected is obtained from journal file to be collected by ftp communication protocols Journal file.
Step 212:Judge whether current diary service system to be collected is treating for last unstructured Log Types Diary service system is gathered, if it is, performing step 217;Otherwise, step 209 is performed.
Step 213:Determine journal file extracting rule.
In this step, journal file extracting rule includes setting file format TXT, setting time 20:00.
Step 214:Selection one is to be collected in the diary service system to be collected of each structuring Log Types successively Diary service system is as current diary service system to be collected.
Step 215:According to daily record to be collected corresponding to journal file extracting rule from current diary service system to be collected The journal file of current diary service system to be collected is obtained in file.
In this step, according to setting file format TXT, setting time 20:00 in the correspondence of diary service system 2 to be collected Journal file to be collected in obtain file format TXT and generation the time be 20:00 journal file.
Step 216:Judge whether current diary service system to be collected is that last structuring Log Types is waited to adopt Collect daily record operation system, if it is, performing step 217;Otherwise, step 214 is performed.
Step 217:Set at least one keyword.
In this step, keyword includes:Time, mark ID, operator, operating time.
Step 218:Each acquired journal file is resolved to the journal file of string format.
In this step, each acquired journal file is split according to default character quantity.Resolve to The journal file of string format.
Step 219:It is at least one for the journal file addition of resolved to string format according at least one keyword Target keywords.
In this step, be corresponding to diary service system 1 to be collected journal file add keyword " time, mark ID, Operator ", it is that journal file corresponding to diary service system 2 to be collected adds keyword " time, mark ID, operator, operation Time ".
Step 220:By each journal file filing after parsing to outside storage device.
In this step, the journal file after parsing is filed into distributed file system.
Step 221:A journal file is selected in each journal file successively as current log file.
Step 222:Judge whether current log file meets analysis rule set in advance, if not, performing step 223, otherwise, perform step 224.
In this step, analysis rule is data volume set in advance including data volume, judges diary service to be collected Journal file corresponding to system 2 does not meet the requirement of data volume set in advance, performs step 223.
Step 223:Generate warning message.
It is total in this step, short message bag is generated according to the information for not meeting analysis rule judged, and short message bag is sent To the mobile phone specified, to notify mobile phone user of service to carry out abnormality processing according to short message.
Step 224:Judge whether current log file is last journal file, if it is, terminate current process, it is no Then, step 221 is performed.
As shown in Figure 3, Figure 4, the embodiments of the invention provide a kind of log collection analytical equipment.Device embodiment can lead to Software realization is crossed, can also be realized by way of hardware or software and hardware combining.For hardware view, as shown in figure 3, being A kind of hardware structure diagram of equipment where log collection analytical equipment provided in an embodiment of the present invention, except the processing shown in Fig. 3 Outside device, internal memory, network interface and nonvolatile memory, the equipment in embodiment where device can also generally include Other hardware, such as it is responsible for the forwarding chip of processing message.Exemplified by implemented in software, as shown in figure 4, being anticipated as a logic Device in justice, it is to be read corresponding computer program instructions in nonvolatile memory by the CPU of equipment where it Operation is formed in internal memory.The log collection analytical equipment that the present embodiment provides, including:
Determining unit 401, for determining at least one diary service system to be collected and each described day to be collected Log Types corresponding to will operation system;
Acquiring unit 402, for each described diary service system to be collected according to determined by the determining unit 401 Log Types corresponding to system, obtain the journal file of each diary service system to be collected;
Resolution unit 403, for being parsed to each described journal file acquired in the acquiring unit 402;
Profiling unit 404, for each described journal file filing after the resolution unit 403 is parsed to outside Storage device;
Analytic unit 405, analyzed for each described journal file after filing to the profiling unit 404.
Embodiment according to Fig. 4, using acquiring unit according to determined by determining unit each daily record industry to be collected Log Types corresponding to business system, obtain the journal file of each diary service system to be collected.Then resolution unit is utilized Each journal file acquired in acquiring unit is parsed.Recycle profiling unit resolution unit is parsed after it is each Storage device of the journal file filing to outside.So that each journal file after analytic unit is filed to profiling unit divides Analysis, to understand the running situation of each diary service system to be collected according to journal file., can in this programme by above-mentioned Journal file is obtained with the Log Types according to corresponding to each diary service system to be collected, and each journal file is solved Analysis, filing and analysis operation.To understand the running situation of each diary service system to be collected in time according to journal file.Cause This, scheme provided in an embodiment of the present invention can improve the efficiency of operation system O&M.
In an embodiment of the invention, as shown in figure 5, day corresponding to any one first diary service system to be collected When will type is that middleware monitors Log Types,
The acquiring unit 402 can include:First establishes the judgment sub-unit 502 of subelement 501 and first;
Described first establishes subelement 501, used in corresponding to the first diary service system to be collected determined by Between part monitoring Log Types, pass through the JSON based on HTTP HTTP with the described first diary service system to be collected The communication protocol of form establishes connection;
First judgment sub-unit 502, it is to be collected corresponding to the described first diary service system to be collected for judging Whether the state parameter of journal file reaches default state value, if it is, passing through the logical of the JSON forms based on HTTP Letter agreement obtains the journal file of the described first diary service system to be collected from the journal file to be collected;Wherein, institute Stating state parameter includes accumulative write time or accumulative write-in data volume;When the state parameter is the accumulative write time, institute It is time threshold to state state value;When the state parameter is adds up write-in data volume, the state value is data-quantity threshold.
In an embodiment of the invention, as shown in fig. 6, day corresponding to any one second diary service system to be collected When will type is unstructured Log Types,
The acquiring unit 402 can include:Second establishes the judgment sub-unit 602 of subelement 601 and second;
Described second establishes subelement 601, for non-corresponding to the second diary service system to be collected determined by Structuring Log Types, pass through FTP ftp communication protocols or safety with the described second diary service system to be collected FTP sftp communication protocols establish connection;
Second judgment sub-unit 602, it is to be collected corresponding to the described second diary service system to be collected for judging Whether the quantity of journal file reaches default amount threshold, if it is, passing through the ftp communication protocols or sftp communication protocols The journal file of the described second diary service system to be collected is obtained from the journal file to be collected.
In an embodiment of the invention, as shown in fig. 7, day corresponding to any one the 3rd diary service system to be collected When will type is structuring daily record,
The acquiring unit 402 can include:Determination subelement 701 and extraction subelement 702;
The determination subelement 701, for the structuring corresponding to the 3rd diary service system to be collected determined by Log Types, journal file extracting rule is determined, wherein, the journal file extracting rule includes setting file format, setting At least one of time, setting data volume, setting character length, setting character title are a variety of;
The extraction subelement 702, for according to the journal file extracting rule from the described 3rd daily record industry to be collected The journal file of the described 3rd diary service system to be collected is obtained in journal file to be collected corresponding to business system.
In an embodiment of the invention, as shown in figure 8, the resolution unit 403 can include:Parse subelement 801 With addition subelement 802;
The setting subelement 801, for presetting an at least keyword;By each acquired daily record Document analysis is the journal file of string format;
The addition subelement 802, for according at least one keyword, for the day of the string format parsed Will file adds at least one target keywords.
In an embodiment of the invention, the analytic unit 405, for judging each described daily record text after filing Whether part meets analysis rule set in advance, if not, generation warning message;Wherein, the analysis rule includes:Do not include Content corresponding to the character string set in advance that reports an error, keyword is not null value, the generation time is time set in advance, data volume For at least one of data volume set in advance or a variety of.
As shown in figure 9, the embodiments of the invention provide a kind of log collection analysis system, the system can include:
Any of the above-described described log collection analytical equipment 901, storage device 902 and at least one daily record industry to be collected Business system 903;
Each described diary service system 903 to be collected, for obtaining daily record in the log collection analytical equipment 901 During file, journal file is provided for the log collection analytical equipment 901;
The storage device 902, for filing each described daily record after the log collection analytical equipment 901 parses File.
Embodiment according to Fig. 9, each diary service system to be collected obtain daily record in log collection analytical equipment During file, journal file is provided for log collection analytical equipment.Then when daily record acquisition and analysis device parses each journal file Afterwards, each journal file after being parsed using storage device archive log acquisition and analysis device.By above-mentioned, this programme Middle log collection analytical equipment can according to corresponding to each diary service system to be collected Log Types obtain journal file, and Each journal file is parsed, filed and analysis operation.To understand each daily record to be collected in time according to journal file The running situation of operation system.Therefore, scheme provided in an embodiment of the present invention can improve the efficiency of operation system O&M.
The contents such as the information exchange between each unit, implementation procedure in said apparatus, due to implementing with the inventive method Example is based on same design, and particular content can be found in the narration in the inventive method embodiment, and here is omitted.
In summary, each embodiment of the present invention can at least realize following beneficial effect:
1st, in embodiments of the present invention, it is first determined each diary service system to be collected, and determine that each is to be collected Log Types corresponding to diary service system.Then the Log Types according to corresponding to each diary service system to be collected, use Method corresponding with Log Types obtains the journal file of each diary service system to be collected.Treat that journal file obtains to complete Afterwards, each journal file of acquisition is parsed, and each journal file after parsing is filed into storage device.Then Each journal file after filing is analyzed, to understand the operation of each diary service system to be collected according to journal file Situation.By above-mentioned, day can be obtained by Log Types according to corresponding to each diary service system to be collected in this programme Will file, and each journal file is parsed, filed and analysis operation.To understand each treat in time according to journal file Gather the running situation of diary service system.Therefore, scheme provided in an embodiment of the present invention can improve operation system O&M Efficiency.
2nd, in embodiments of the present invention, when diary service system to be collected corresponds to different Log Types, using different Method goes to obtain the journal file of diary service system to be collected.Due to going to obtain daily record using method corresponding with Log Types File, therefore the accuracy of the journal file obtained is higher.
3rd, in embodiments of the present invention, each acquired journal file is resolved to the daily record text of string format Part, and be that the journal file of each string format adds target keywords according to advance keyword.Make it that daily record is literary Part is more clear, so as to improve the accuracy rate of log file analysis.
4th, in embodiments of the present invention, judge whether each journal file after filing meets analysis rule set in advance Then.When the journal file after judging filing does not meet analysis rule set in advance, warning message is generated, with informing business Diary service system operation to be collected is abnormal corresponding to personnel's journal file, abnormal to exclude in time, ensures daily record to be collected Operation system normal operation.
5th, in embodiments of the present invention, the specific pattern of warning message can determine according to business need.It can select short Believe any one or more in warning message, mail warning message and interface warning message.Therefore the business of warning message It is with strong applicability.
6th, in embodiments of the present invention, using acquiring unit according to determined by determining unit each diary service to be collected Log Types corresponding to system, obtain the journal file of each diary service system to be collected.Then resolution unit pair is utilized Each journal file acquired in acquiring unit is parsed.Recycle profiling unit resolution unit is parsed after each day Storage device of the will archive to outside.So that each journal file after analytic unit is filed to profiling unit divides Analysis, to understand the running situation of each diary service system to be collected according to journal file., can in this programme by above-mentioned Journal file is obtained with the Log Types according to corresponding to each diary service system to be collected, and each journal file is solved Analysis, filing and analysis operation.To understand the running situation of each diary service system to be collected in time according to journal file.Cause This, scheme provided in an embodiment of the present invention can improve the efficiency of operation system O&M.
7th, in embodiments of the present invention, each diary service system to be collected obtains daily record text in log collection analytical equipment During part, journal file is provided for log collection analytical equipment.Then when daily record acquisition and analysis device parse each journal file it Afterwards, each journal file after being parsed using storage device archive log acquisition and analysis device.By above-mentioned, in this programme Log collection analytical equipment can obtain journal file by Log Types according to corresponding to each diary service system to be collected, and right Each journal file parsed, is filed and analysis operation.To understand each daily record industry to be collected in time according to journal file The running situation of business system.Therefore, scheme provided in an embodiment of the present invention can improve the efficiency of operation system O&M.
It should be noted that herein, such as first and second etc relational terms are used merely to an entity Or operation makes a distinction with another entity or operation, and not necessarily require or imply and exist between these entities or operation Any this actual relation or order.Moreover, term " comprising ", "comprising" or its any other variant be intended to it is non- It is exclusive to include, so that process, method, article or equipment including a series of elements not only include those key elements, But also the other element including being not expressly set out, or also include solid by this process, method, article or equipment Some key elements.In the absence of more restrictions, the key element limited by sentence " including one ", is not arranged Except other identical factor in the process including the key element, method, article or equipment being also present.
One of ordinary skill in the art will appreciate that:Realizing all or part of step of above method embodiment can pass through Programmed instruction related hardware is completed, and foregoing program can be stored in computer-readable storage medium, the program Upon execution, the step of execution includes above method embodiment;And foregoing storage medium includes:ROM, RAM, magnetic disc or light Disk etc. is various can be with the medium of store program codes.
It is last it should be noted that:Presently preferred embodiments of the present invention is the foregoing is only, is merely to illustrate the skill of the present invention Art scheme, is not intended to limit the scope of the present invention.Any modification for being made within the spirit and principles of the invention, Equivalent substitution, improvement etc., are all contained in protection scope of the present invention.

Claims (10)

  1. A kind of 1. log collection analysis method, it is characterised in that including:
    Determine daily record corresponding at least one diary service system to be collected and each described diary service system to be collected Type;
    According to Log Types corresponding to each identified described diary service system to be collected, obtain and wait to adopt described in each Collect the journal file of daily record operation system;
    Each acquired journal file is parsed;
    By each described journal file filing after parsing to outside storage device;
    Each described journal file after filing is analyzed.
  2. 2. according to the method for claim 1, it is characterised in that
    When Log Types corresponding to any one first diary service system to be collected are that middleware monitors Log Types,
    Log Types corresponding to each described diary service system to be collected determined by the basis, are obtained described in each The journal file of diary service system to be collected, including:
    Log Types are monitored according to middleware corresponding to the identified first diary service system to be collected, wait to adopt with described first Collect daily record operation system and connection is established by the communication protocol of the JSON forms based on HTTP HTTP;
    Judge whether the state parameter of journal file to be collected corresponding to the described first diary service system to be collected reaches default State value, if it is, being obtained by the communication protocol of the JSON forms based on HTTP from the journal file to be collected Take the journal file of the described first diary service system to be collected;
    Wherein, the state parameter includes accumulative write time or accumulative write-in data volume;
    When the state parameter is the accumulative write time, the state value is time threshold;When the state parameter is accumulative When writing data volume, the state value is data-quantity threshold;
    And/or
    When Log Types corresponding to any one second diary service system to be collected are unstructured Log Types,
    Log Types corresponding to each described diary service system to be collected determined by the basis, are obtained described in each The journal file of diary service system to be collected, including:
    It is to be collected with described second according to unstructured Log Types corresponding to the identified second diary service system to be collected Diary service system is established by FTP ftp communication protocols or secure file transportation protocol sftp communication protocols to be connected Connect;
    Judge whether the quantity of journal file to be collected corresponding to the described second diary service system to be collected reaches default number Threshold value is measured, if it is, described in being obtained by the ftp communication protocols or sftp communication protocols from the journal file to be collected The journal file of second diary service system to be collected;
    And/or
    When Log Types corresponding to any one the 3rd diary service system to be collected are structuring daily record,
    Log Types corresponding to each described diary service system to be collected determined by the basis, are obtained described in each The journal file of diary service system to be collected, including:
    According to structuring Log Types corresponding to the identified 3rd diary service system to be collected, journal file extraction rule are determined Then, wherein, the journal file extracting rule includes setting file format, setting time, setting data volume, setting character length At least one of degree, setting character title are a variety of;
    According to journal file to be collected corresponding to the journal file extracting rule from the described 3rd diary service system to be collected The middle journal file for obtaining the 3rd diary service system to be collected.
  3. 3. according to the method for claim 1, it is characterised in that
    It is described that each acquired journal file is parsed, including:
    Preset an at least keyword;
    Each acquired described journal file is resolved to the journal file of string format;
    According at least one keyword, the journal file of the string format to be parsed adds at least one target critical Word.
  4. 4. according to the method for claim 1, it is characterised in that
    Each described journal file after described pair of filing is analyzed, including:
    Judge whether each described journal file after filing meets analysis rule set in advance, if not, generation alarm Information;
    The analysis rule includes:It is not null value including content corresponding to the character string set in advance that reports an error, keyword, generation Time is that time set in advance, data volume are at least one of data volume set in advance or a variety of.
  5. 5. according to the method for claim 4, it is characterised in that
    The warning message includes:In SMS alarm information, mail warning message and interface warning message any one or It is a variety of.
  6. A kind of 6. log collection analytical equipment, it is characterised in that including:
    Determining unit, for determining at least one diary service system to be collected and each described diary service system to be collected Log Types corresponding to system;
    Acquiring unit, for day corresponding to each described diary service system to be collected according to determined by the determining unit Will type, obtain the journal file of each diary service system to be collected;
    Resolution unit, for being parsed to each described journal file acquired in the acquiring unit;
    Profiling unit, set for each described journal file filing after the resolution unit is parsed to the storage of outside It is standby;
    Analytic unit, analyzed for each described journal file after filing to the profiling unit.
  7. 7. device according to claim 6, it is characterised in that
    When Log Types corresponding to any one first diary service system to be collected are that middleware monitors Log Types,
    The acquiring unit, including:First establishes subelement and the first judgment sub-unit;
    Described first establishes subelement, is monitored for the middleware corresponding to the first diary service system to be collected determined by Log Types, pass through the logical of the JSON forms based on HTTP HTTP with the described first diary service system to be collected Believe that agreement establishes connection;
    First judgment sub-unit, for judging journal file to be collected corresponding to the described first diary service system to be collected State parameter whether reach default state value, if it is, by the communication protocol of the JSON forms based on HTTP from The journal file of the described first diary service system to be collected is obtained in the journal file to be collected;Wherein, the state ginseng Number includes accumulative write time or accumulative write-in data volume;When the state parameter is the accumulative write time, the state value For time threshold;When the state parameter is adds up write-in data volume, the state value is data-quantity threshold;
    And/or
    When Log Types corresponding to any one second diary service system to be collected are unstructured Log Types,
    The acquiring unit, including:Second establishes subelement and the second judgment sub-unit;
    Described second establishes subelement, for the unstructured day corresponding to the second diary service system to be collected determined by Will type, transmitted with the described second diary service system to be collected by FTP ftp communication protocols or secure file Agreement sftp communication protocols establish connection;
    Second judgment sub-unit, for judging journal file to be collected corresponding to the described second diary service system to be collected Quantity whether reach default amount threshold, if it is, being treated by the ftp communication protocols or sftp communication protocols from described The journal file of the described second diary service system to be collected is obtained in collection journal file;
    And/or
    When Log Types corresponding to any one the 3rd diary service system to be collected are structuring daily record,
    The acquiring unit, including:Determination subelement and extraction subelement;
    The determination subelement, for the structuring daily record class corresponding to the 3rd diary service system to be collected determined by Type, journal file extracting rule is determined, wherein, the journal file extracting rule includes setting file format, setting time, set Determine at least one of data volume, setting character length, setting character title or a variety of;
    The extraction subelement, for according to the journal file extracting rule from the described 3rd diary service system pair to be collected The journal file of the described 3rd diary service system to be collected is obtained in the journal file to be collected answered.
  8. 8. device according to claim 6, it is characterised in that
    The resolution unit, including:Parse subelement and addition subelement;
    The setting subelement, for presetting an at least keyword;By each acquired journal file solution Analyse the journal file for string format;
    The addition subelement, for according at least one keyword, for the journal file of the string format parsed Add at least one target keywords.
  9. 9. device according to claim 6, it is characterised in that
    The analytic unit, for judging whether each described journal file after filing meets analysis rule set in advance Then, if not, generation warning message;Wherein, the analysis rule includes:Do not include the character string set in advance that reports an error, key Content corresponding to word be not null value, generation time be time set in advance, data volume be in data volume set in advance extremely Few one or more.
  10. A kind of 10. log collection analysis system, it is characterised in that including:
    Claim 6 to 9 any described log collection analytical equipment, storage device and at least one diary service to be collected System;
    Each described diary service system to be collected, for when the log collection analytical equipment obtains journal file, being The log collection analytical equipment provides journal file;
    The storage device, for filing each described journal file after the log collection analytical equipment parses.
CN201710840731.0A 2017-09-18 2017-09-18 A kind of log collection analysis method, device and system Pending CN107612730A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710840731.0A CN107612730A (en) 2017-09-18 2017-09-18 A kind of log collection analysis method, device and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710840731.0A CN107612730A (en) 2017-09-18 2017-09-18 A kind of log collection analysis method, device and system

Publications (1)

Publication Number Publication Date
CN107612730A true CN107612730A (en) 2018-01-19

Family

ID=61060217

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710840731.0A Pending CN107612730A (en) 2017-09-18 2017-09-18 A kind of log collection analysis method, device and system

Country Status (1)

Country Link
CN (1) CN107612730A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108363654A (en) * 2018-02-08 2018-08-03 上海闻泰电子科技有限公司 Association's processing method, system and the electronic equipment of system log
CN108765017A (en) * 2018-05-31 2018-11-06 浪潮软件股份有限公司 A kind of processing method and processing device of warning data
CN109040252A (en) * 2018-08-07 2018-12-18 平安科技(深圳)有限公司 Document transmission method, system, computer equipment and storage medium
CN111309552A (en) * 2020-02-13 2020-06-19 北京中数智汇科技股份有限公司 Service log acquisition system and method
CN113138891A (en) * 2020-01-19 2021-07-20 上海臻客信息技术服务有限公司 Service monitoring system based on log
CN113382071A (en) * 2021-06-09 2021-09-10 北京猿力未来科技有限公司 Link creation method and device based on hybrid cloud architecture

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105786683A (en) * 2016-03-03 2016-07-20 四川长虹电器股份有限公司 Customized log collecting system and method
CN106452867A (en) * 2016-08-10 2017-02-22 贵阳朗玛信息技术股份有限公司 Log message processing method and system

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105786683A (en) * 2016-03-03 2016-07-20 四川长虹电器股份有限公司 Customized log collecting system and method
CN106452867A (en) * 2016-08-10 2017-02-22 贵阳朗玛信息技术股份有限公司 Log message processing method and system

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108363654A (en) * 2018-02-08 2018-08-03 上海闻泰电子科技有限公司 Association's processing method, system and the electronic equipment of system log
CN108363654B (en) * 2018-02-08 2021-03-23 上海闻泰电子科技有限公司 Co-processing method and system for system log and electronic equipment
CN108765017A (en) * 2018-05-31 2018-11-06 浪潮软件股份有限公司 A kind of processing method and processing device of warning data
CN109040252A (en) * 2018-08-07 2018-12-18 平安科技(深圳)有限公司 Document transmission method, system, computer equipment and storage medium
CN109040252B (en) * 2018-08-07 2022-04-12 平安科技(深圳)有限公司 File transmission method, system, computer device and storage medium
CN113138891A (en) * 2020-01-19 2021-07-20 上海臻客信息技术服务有限公司 Service monitoring system based on log
CN111309552A (en) * 2020-02-13 2020-06-19 北京中数智汇科技股份有限公司 Service log acquisition system and method
CN113382071A (en) * 2021-06-09 2021-09-10 北京猿力未来科技有限公司 Link creation method and device based on hybrid cloud architecture
CN113382071B (en) * 2021-06-09 2022-09-06 北京猿力未来科技有限公司 Link creation method and device based on hybrid cloud architecture

Similar Documents

Publication Publication Date Title
CN107612730A (en) A kind of log collection analysis method, device and system
US8156553B1 (en) Systems and methods for correlating log messages into actionable security incidents and managing human responses
CN110855676B (en) Network attack processing method and device and storage medium
RU2419986C2 (en) Combining multiline protocol accesses
CN101605074A (en) The method and system of communication behavioural characteristic monitoring wooden horse Network Based
CN111866016A (en) Log analysis method and system
CN103281177A (en) Method and system for detecting hostile attack on Internet information system
CN108011925A (en) A kind of operating audit system and method
CN114528457B (en) Web fingerprint detection method and related equipment
CN114465741B (en) Abnormality detection method, abnormality detection device, computer equipment and storage medium
CN111191247A (en) Database security audit system
EP2936772A1 (en) Network security management
CN109359251A (en) Audit method for early warning, device and the terminal device of application system service condition
CN111277569B (en) Network message decoding method and device and electronic equipment
CN110020161B (en) Data processing method, log processing method and terminal
CN110677271B (en) Big data alarm method, device, equipment and storage medium based on ELK
CN114338600A (en) Equipment fingerprint selection method and device, electronic equipment and medium
CN111131325A (en) Data protocol anomaly identification system and method
CN112148545B (en) Security baseline detection method and security baseline detection system of embedded system
CN114116872A (en) Data processing method and device, electronic equipment and computer readable storage medium
CN111988343A (en) System and method for remotely setting rules and monitoring industrial network intrusion
CN107908525A (en) Alert processing method, equipment and readable storage medium storing program for executing
KR102051580B1 (en) Integrated clinical trial apparatus based on cdisc
CN106060025A (en) Automatic application classification method and automatic application classification device
CN104881354A (en) Cloud disk monitoring method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20180119