CN108718295A - A kind of system log transmission method and device - Google Patents

A kind of system log transmission method and device Download PDF

Info

Publication number
CN108718295A
CN108718295A CN201810362684.8A CN201810362684A CN108718295A CN 108718295 A CN108718295 A CN 108718295A CN 201810362684 A CN201810362684 A CN 201810362684A CN 108718295 A CN108718295 A CN 108718295A
Authority
CN
China
Prior art keywords
log
system log
processing tool
control protocol
transmission control
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810362684.8A
Other languages
Chinese (zh)
Inventor
穆晓偲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
New H3C Technologies Co Ltd
Original Assignee
New H3C Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by New H3C Technologies Co Ltd filed Critical New H3C Technologies Co Ltd
Priority to CN201810362684.8A priority Critical patent/CN108718295A/en
Publication of CN108718295A publication Critical patent/CN108718295A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/161Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields
    • H04L69/162Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields involving adaptations of sockets based mechanisms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06Management of faults, events, alarms or notifications
    • H04L41/069Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/12Avoiding congestion; Recovering from congestion
    • H04L47/125Avoiding congestion; Recovering from congestion by balancing the load, e.g. traffic engineering
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/20Traffic policing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0236Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0263Rule management

Abstract

A kind of system log transmission method of present invention offer and device, this method include:Receive the system log that managed devices are sent;The log processing tool being transferred to the system log received by transmission control protocol TCP agreement in the Network Management Equipment.System log efficiency of transmission can be improved using the embodiment of the present invention, reduces packet loss.

Description

A kind of system log transmission method and device
Technical field
The present invention relates to network communication technology field more particularly to a kind of system log transmission methods and device.
Background technology
Syslog (system log) agreement is a forwarding system in IP (Internet Protocol, Internet protocol) The standard of system log information.The Syslog received in webmastering software is usually run by the recording equipment that equipment generates and sends The daily record of event.
Network Management Equipment can carry out analyzing processing by specific log processing tool to the Syslog received, to judge The state of equipment operation, the Syslog of the abnormality for that can reflect equipment need to upgrade to alarm, notify maintenance personnel It is handled.
Currently, Network Management Equipment receive pipe equipment (referred to herein as managed devices) usually by UDP (User Datagram Protocol, User Datagram Protocol) system log is transferred to the log processing work in Network Management Equipment by agreement Tool carries out analyzing processing by the log processing tool in Network Management Equipment to system log.
However practice is found, existing log processing tool to the receptivity of the system log transmitted by udp protocol compared with Difference, and packet loss is higher, causes the transmission performance of existing system daily record poor, packet loss is higher.
Invention content
A kind of system log transmission method of present invention offer and device, to solve system in existing system log transmission scheme Log transmission poor performance, the high problem of packet loss.
According to a first aspect of the embodiments of the present invention, a kind of system log transmission method is provided, applied to including being managed Receiver in the system log Transmission system of equipment, receiver and Network Management Equipment, the receiver are based on UDP Socket Exploitation, and support Transmission Control Protocol, log processing tool is installed in the Network Management Equipment, the method includes:
Receive the system log that managed devices are sent;
The log processing tool being transferred to the system log received by Transmission Control Protocol in the Network Management Equipment.
According to a second aspect of the embodiments of the present invention, a kind of system log transmitting device is provided, applied to including being managed Receiver in the system log Transmission system of equipment, receiver and Network Management Equipment, the receiver are based on user UDP Socket is developed, and supports Transmission Control Protocol, is equipped with log processing tool in the Network Management Equipment, described device includes:
Receiving unit, the system log for receiving managed devices transmission;
Transmission unit, the daily record for being transferred to the system log received by Transmission Control Protocol in the Network Management Equipment Handling implement.
Using the embodiment of the present invention, by being disposed in system log Transmission system based on UDP Socket exploitations, and prop up The receiver of Transmission Control Protocol is held, the system log of managed devices is sent to receiver, will be received by Transmission Control Protocol by receiver To system log be transferred to the log processing tool in Network Management Equipment, improve system log efficiency of transmission, reduce packet loss Rate.
Description of the drawings
Fig. 1 is a kind of configuration diagram of system log Transmission system provided in an embodiment of the present invention;
Fig. 2 is a kind of flow diagram of system log transmission method provided in an embodiment of the present invention;
Fig. 3 is the flow diagram of another system log transmission method provided in an embodiment of the present invention;
Fig. 4 is a kind of configuration diagram of concrete application scene provided in an embodiment of the present invention;
Fig. 5 is a kind of structural schematic diagram of system log transmitting device provided in an embodiment of the present invention;
Fig. 6 is the structural schematic diagram of another system log transmitting device provided in an embodiment of the present invention.
Specific implementation mode
In order to make those skilled in the art more fully understand the technical solution in the embodiment of the present invention, below first to this hair The applicable network architecture of bright embodiment is briefly described.
Fig. 1 is referred to, is a kind of configuration diagram of system log Transmission system provided in an embodiment of the present invention, such as Fig. 1 It is shown, can also include receiver in the system log Transmission system other than including Network Management Equipment and managed devices, Wherein, which is developed based on UDP Socket (socket), has preferable receive to the data transmitted by udp protocol Performance can receive the system log that managed devices are transmitted by udp protocol, and the receiver supports TCP (Transmission Control Protocol, transmission control protocol) agreement, can by Transmission Control Protocol Transmission system daily record, Log processing tool is installed in Network Management Equipment.Receiver in the present invention can be existed with software forms, naturally it is also possible to Exist with hardware state.Being illustrated by taking receiver existing for software forms as an example in the following embodiments of the present invention.
In system log Transmission system shown in Fig. 1, it is contemplated that log processing tool is to what is transmitted by udp protocol The receptivity of system daily record is poor, meanwhile, managed devices directly pass through the realization method that Transmission Control Protocol sends system log, meeting Cause application scenarios limited since part managed devices do not support Transmission Control Protocol, managed devices are no longer directly by system day Will is transferred to the log processing tool in Network Management Equipment, but system log is first transferred to receiver, is then led to by receiver Cross the log processing tool that the system log received is transferred in Network Management Equipment by Transmission Control Protocol, to, be not required to it is to be managed Under the premise of equipment supports Transmission Control Protocol, realize at the daily record that system log is transferred in Network Management Equipment by Transmission Control Protocol Science and engineering has, and improves the efficiency of system log transmission, and reduces packet loss.
In order to keep the above objects, features, and advantages of the embodiment of the present invention more obvious and easy to understand, below in conjunction with the accompanying drawings Technical solution in the embodiment of the present invention is described in further detail.
Fig. 2 is referred to, is a kind of flow diagram of system log transmission method provided in an embodiment of the present invention, wherein The system log transmission method can be applied to the receiver in method example shown in Fig. 1, as shown in Fig. 2, the system log passes Transmission method may comprise steps of:
Step 201 receives the system log that managed devices are sent.
In the embodiment of the present invention, in order to realize that managed devices send system log to receiver, it can be set being managed The transmission target of standby upper setting system log, is set to IP address and the port of receiver, in turn, managed devices can According to the IP address of set receiver and port, system log is sent to receiver.
Wherein, managed devices can send system log by udp protocol or Transmission Control Protocol to receiver.
Step 202, the log processing tool being transferred to the system log received by Transmission Control Protocol in Network Management Equipment.
In the embodiment of the present invention, it is contemplated that currently used log processing tool is to the data transmitted by udp protocol Receptivity is poor, and packet loss is higher, when receiver receives the system log of managed devices transmission, can pass through TCP The system log received is transferred to the log processing tool in Network Management Equipment by agreement.
As it can be seen that in method flow shown in Fig. 2, developed based on UDP Socket by disposing in systems, and supports TCP Relay device of the receiver of agreement as system log, managed devices can be by Transmission Control Protocol or udp protocols by system day Will is sent to receiver, and the log processing tool in Network Management Equipment is transferred to by Transmission Control Protocol by receiver, need not be by pipe Under the premise of managing equipment support Transmission Control Protocol, the transmission performance of system log is improved, and reduce packet loss.
The present invention in one embodiment, the system log received is transferred to webmaster above by Transmission Control Protocol Before log processing tool in equipment, can also include:
System log is filtered according to default filtering rule;Wherein, which is used to indicate receiver To specifying source IP address or/and including specifying the system log of content to be filtered;
Correspondingly, the log processing work being transferred to the system log received above by Transmission Control Protocol in Network Management Equipment Have, may include:
The log processing tool being transferred to filtered system log by Transmission Control Protocol in network management system.
It in this embodiment, can be by the part of log processing tool in order to reduce the operating pressure of log processing tool Filtration is transferred to receiver processing.
Specifically, in this embodiment it is possible to be configured to the rule being filtered to system log on the receiver in advance Then (referred to herein as default filtering rule), which can serve to indicate that receiver refusal specifies source IP address Or/and including specifying the system log of content to pass through.
When receiver receives the system log of managed devices transmission, can be inquired according to the system log received Default filtering rule, and processing is filtered to system log according to query result.
As an example it is assumed that default filtering rule is to refuse the system log that source IP address is IP1 to pass through, then work as receiver When receiving system log, the source IP address that can inquire the system log (sends the managed devices of the system log IP address), determine whether the source IP address of the system log is IP1, if so, the system log is transferred to webmaster and set by refusal Log processing tool in standby, such as abandons the system log.
Again as an example it is assumed that default filtering rule is the system log that refusal includes I/O rate (input and output rate) Pass through, then when receiving system log, the content of the system log can be inquired, determine in the content of the system log whether Including I/O rate, if so, the system log is transferred to the log processing tool in Network Management Equipment by refusal, such as abandoning this is System daily record.
In this embodiment, receiver is filtered processing according to default filtering rule to the system log received Afterwards, the log processing tool that filtered system log can be transferred in Network Management Equipment, and then log processing can be reduced The operating pressure of tool.
May include that multiple log processing tools are constituted in one embodiment, in above-mentioned Network Management Equipment in the present invention Log processing tool cluster;
Correspondingly, the log processing work being transferred to the system log received above by Transmission Control Protocol in Network Management Equipment Have, may include:
According to default load balancing strategy, the system log received is transferred to by Network Management Equipment cluster by Transmission Control Protocol In each Network Management Equipment log processing tool.
In this embodiment, the Network Management Equipment of system log Transmission system includes the daily record that multiple log processing tools are constituted Handling implement cluster improves the reliability and stability of system so as to avoid Single Point of Faliure.
Wherein, multiple log processing tool may be mounted in one or more Network Management Equipments.
It, can in advance in the receiver in order to realize the load balancing of each log processing tool in log processing tool cluster Configuration load shares strategy (referred to herein as default load balancing strategy).
Wherein, each system log circle transmission which can include but is not limited to receive is to daily record Each log processing tool in handling implement cluster, alternatively, giving each system log opportunistic transmission received to reception system log (in this case, receiver needs to record the system log for being transferred to each log processing tool minimum log processing tool Quantity) etc..
For example, it is to give each system log circle transmission received to log processing tool set with load balancing strategy In group for each log processing tool, it is assumed that Network Management Equipment includes the log processing tool being made of log processing tool 1~3 Cluster, then receiver the receive the 1st system log can be transferred to log processing tool 1, be by the receive the 2nd Receive the 3rd system log is transferred to log processing tool 3, will received by log transmission of uniting to log processing tool 2 The 4th system log be transferred to log processing tool 1 ... and so on.
It correspondingly, in this embodiment, can be according to default load balancing strategy when receiver receives system log Each system log received is transferred to each log processing tool in log processing tool cluster.
It should be noted that in this embodiment, receiver will be connect according to default load balancing strategy by Transmission Control Protocol The system log received is transferred in log processing tool cluster before each log processing tool, can also be first according to default filtering Rule is filtered the system log received, and specific implementation repeats no more herein.
Fig. 3 is referred to, is the flow diagram of another system log transmission method provided in an embodiment of the present invention, In, which can be applied to the receiver in method example shown in Fig. 1, as shown in figure 3, the system log Transmission method may comprise steps of:
Step 301 receives the system log that managed devices are sent.
In the embodiment of the present invention, the specific implementation of step 301 may refer to the associated description in step 201, and the present invention is real Applying example, details are not described herein.
The system log received is written by Transmission Control Protocol and specifies message queue by step 302, by Network Management Equipment Log processing tool reads system log from specified message queue.
It, can be in system log Transmission system in order to further provide for system log efficiency of transmission in the embodiment of the present invention Middle setting message queue (referred to herein as specified message queue), when receiver receives system log, can pass through Transmission Control Protocol The system log received is written and specifies message queue, message queue is specified from this by the log processing tool in Network Management Equipment Middle reading system log.
The present invention in one embodiment, above-mentioned Network Management Equipment includes the daily record of multiple log processing tools compositions Handling implement cluster, above-mentioned specified message queue may include multiple subqueues;
It should be noted that in this embodiment, multiple subqueue can belong to same message queue, can also return Belong to multiple and different message queues.
Correspondingly, the system log received is written above by Transmission Control Protocol and specifies message queue, may include:
According to default load balancing strategy, the system log received is written by Transmission Control Protocol and is specified in message queue Each subqueue, by each log processing tool in log processing tool cluster respectively from corresponding subqueue read system day Will.
In this embodiment, in order to avoid Single Point of Faliure, the reliability and stability of system, system log transmission system are improved The Network Management Equipment of system may include the log processing tool cluster that multiple log processing tools are constituted.
Wherein, multiple log processing tool may be mounted in one or more Network Management Equipments.
In order to realize the load balancing of each log processing tool in log processing tool cluster, on the one hand, can be specified Multiple subqueues are set in message queue, and the correspondence of each subqueue and log processing tool is set;Optionally, each sub- team Row can be one-to-one relationship with the log processing tool in log processing tool cluster.Certainly, each subqueue and daily record Log processing tool in handling implement cluster can also be many-to-one relationship.It on the other hand, can in advance in the receiver Configuration load shares strategy (referred to herein as default load balancing strategy).
Wherein, which can include but is not limited to specify each system log recurrent wrIting received and disappear Each subqueue for ceasing queue, alternatively, giving writing system daily record minimum subqueue each system log random writing received (in this case, receiver needs to record the quantity for the system log that each subqueue is written) etc..
Correspondingly, in this embodiment, when receiver receives system log, can according to default load balancing strategy, Each system log received is respectively written into each subqueue in specified message queue by Transmission Control Protocol, by log processing work Each log processing tool reads system log from corresponding subqueue respectively in tool cluster, to realize each log processing tool Load balancing.
As it can be seen that in method flow shown in Fig. 3, by the way that message queue is arranged in systems, receiver receives system day When will, the system log received is written in the message queue by Transmission Control Protocol, by log processing tool from the message queue Middle reading system log, further improves system log efficiency of transmission.
In a kind of optional embodiment, message queue can be Kafka message queues, and log processing tool is Logstash.It is verified, system log is first put into Kafka, Logstash reads system log from Kafka again, can be with Promote the performance that Logstash itself receives system log.
In order to make those skilled in the art more fully understand technical solution provided in an embodiment of the present invention, with reference to specific Application scenarios illustrate technical solution provided in an embodiment of the present invention.
Fig. 4 is referred to, is a kind of configuration diagram of concrete application scene provided in an embodiment of the present invention, wherein at this In embodiment, with message queue for Kafka message queues, the log processing tool installed in Network Management Equipment is that Logstash is Example, as shown in figure 4, the application scenarios include managed devices, (based on UDP Socket exploitations, and support TCP is assisted receiver View), Kafka clusters and Logstash clusters.
Wherein, Kafka clusters are provided with multiple subregions under same subject (Topic) (to include in Partition, Fig. 4 For 3 Partition (Partition0~Partition2), wherein a Partition is corresponded in above-described embodiment One subqueue), each subregion and each Logstash in Logstash clusters are one-one relationship in Kafka clusters.
It should be noted that in practical applications, each subregion and each Logstash in Logstash clusters in Kafka clusters It may be many-to-one relationship.
In this embodiment, the components such as receiver, Logstash, Kafka are distributed according to hardware resource, are deployed in different In virtual machine or container.
On managed devices be arranged system log transmission target be receiver, that is, be configured with receiver IP address and Port;In receiver configured with refusal specify source IP address or/and including specify content system log by filtering rule, And (i.e. Partition0~Partition2 returns by Topic is specified in the system log recurrent wrIting Kafka clusters received The Topic of category) under each subregion (i.e. Partition0~Partition2) load balancing strategy, and be configured with Kafka clusters Address of service and specified Topic;Kafka interfaces are provided in Logstash clusters in each Logstash, the Kafka interfaces Bind Kafka cluster services address and specified Topic.
Application scenarios based on shown in Fig. 4, system log transmission plan implementation process provided in an embodiment of the present invention are as follows:
1, managed devices send system log to receiver.
In this embodiment, managed devices can send system log by udp protocol or Transmission Control Protocol to receiver.
Preferably for the managed devices for supporting Transmission Control Protocol, system day is preferentially sent to receiver by Transmission Control Protocol Will, to reduce packet loss.
2, receiver refusal specifies source IP address or/and including specifying the system log of content to pass through.
In this embodiment, it when receiver receives system log, can be inquired according to the system log received advance The filtering rule of configuration, for matched system log, i.e., specified source IP address or/and the system log including specifying content, Receiver can refuse the system log can abandon the system log by, for example, receiver;For unmatched system day Will, receiver can execute subsequent processing.
3, each subregion that receiver will be specified under Topic in filtered system log recurrent wrIting to Kafka clusters.
For example, receiver can start a counter, the initial value of the counter is 0, and receiver is every time to Kafka collection When specifying the subregion writing system daily record under Topic in group, using the value of counter to number of partitions remainder, using result as need The ID for the subregion to be written often writes primary system daily record, and the value of counter is added 1.
Correspondingly, when Kafka clusters are written in system log by receiver the 1st time, system log can be written Partition1 can be written when the 2nd time Kafka clusters are written in system log in system log by Partition0, the 3rd time When Kafka clusters are written in system log, system log can be written to Partition2, system log is written the 4th When Kafka clusters, Partition0 can be written in system log ... and so on.
4, each Logstash reads system log from corresponding subregion respectively in Logstash clusters.
By above description as can be seen that in technical solution provided in an embodiment of the present invention, by being passed in system log Deployment is based on UDP Socket exploitations in defeated system, and supports the receiver of Transmission Control Protocol, and the system log of managed devices is sent To receiver, the system log received is transferred to by the log processing tool in Network Management Equipment by Transmission Control Protocol by receiver, System log efficiency of transmission is improved, packet loss is reduced.
Fig. 5 is referred to, is a kind of structural schematic diagram of system log transmitting device provided in an embodiment of the present invention, wherein The device can be applied to the receiver in above method embodiment, as shown in figure 5, the system log transmitting device can wrap It includes:
Receiving unit 510, the system log for receiving managed devices transmission;
Transmission unit 520, the day for being transferred to the system log received by Transmission Control Protocol in the Network Management Equipment Will handling implement.
It is the structural schematic diagram of another system log transmitting device provided in an embodiment of the present invention please also refer to Fig. 6, As shown in fig. 6, on the basis of system log transmitting device shown in Fig. 5, system shown in Figure 6 log transmission device can also wrap It includes:
Filter element 530, for being filtered to the system log according to default filtering rule;Wherein, described default Filtering rule is used to indicate the receiver refusal and specifies source IP address or/and including specifying the system log of content to pass through;
Filtered system log is transferred to the webmaster system by the transmission unit 520 specifically for passing through Transmission Control Protocol Log processing tool in system.
In an alternative embodiment, the Network Management Equipment includes the log processing tool set that multiple log processing tools are constituted Group;
Correspondingly, the transmission unit 520 is specifically used for, according to default load balancing strategy, to receive by Transmission Control Protocol To system log be transferred to each log processing tool in the log processing tool cluster.
In an alternative embodiment, the transmission unit 520, specifically for the system log that will be received by Transmission Control Protocol Message queue is specified in write-in, and system day is read from the specified message queue by the log processing tool in the Network Management Equipment Will.
In an alternative embodiment, the Network Management Equipment includes the log processing tool set that multiple log processing tools are constituted Group, the specified message queue includes multiple subregions;
Correspondingly, the transmission unit 520 is specifically used for, according to default load balancing strategy, to receive by Transmission Control Protocol To system log each subregion in the specified message queue is written, by each log processing in the log processing tool cluster Tool reads system log from corresponding subregion respectively.
In an alternative embodiment, the transmission unit 520, specifically for the system log that will be received by Transmission Control Protocol Each subregion in message queue is specified described in recurrent wrIting.
The function of each unit and the realization process of effect specifically refer to and correspond to step in the above method in above-mentioned apparatus Realization process, details are not described herein.
For device embodiments, since it corresponds essentially to embodiment of the method, so related place is referring to method reality Apply the part explanation of example.The apparatus embodiments described above are merely exemplary, wherein described be used as separating component The unit of explanation may or may not be physically separated, and the component shown as unit can be or can also It is not physical unit, you can be located at a place, or may be distributed over multiple network units.It can be according to actual It needs that some or all of module therein is selected to realize the purpose of the present invention program.Those of ordinary skill in the art are not paying In the case of going out creative work, you can to understand and implement.
As seen from the above-described embodiment, it by being disposed in system log Transmission system based on UDP Socket exploitations, and props up The receiver of Transmission Control Protocol is held, the system log of managed devices is sent to receiver, will be received by Transmission Control Protocol by receiver To system log be transferred to the log processing tool in Network Management Equipment, improve system log efficiency of transmission, reduce packet loss Rate.
Those skilled in the art after considering the specification and implementing the invention disclosed here, will readily occur to its of the present invention Its embodiment.This application is intended to cover the present invention any variations, uses, or adaptations, these modifications, purposes or Person's adaptive change follows the general principle of the present invention and includes undocumented common knowledge in the art of the invention Or conventional techniques.The description and examples are only to be considered as illustrative, and true scope and spirit of the invention are by following Claim is pointed out.
It should be understood that the invention is not limited in the precision architectures for being described above and being shown in the accompanying drawings, and And various modifications and changes may be made without departing from the scope thereof.The scope of the present invention is limited only by the attached claims.

Claims (12)

1. a kind of system log transmission method, which is characterized in that be applied to include managed devices, receiver and Network Management Equipment System log Transmission system in receiver, the receiver is based on User Datagram Protocol UDP socket Socket exploitation, And support transmission control protocol TCP agreement, log processing tool is installed in the Network Management Equipment, the method includes:
Receive the system log that managed devices are sent;
The log processing tool being transferred to the system log received by Transmission Control Protocol in the Network Management Equipment.
2. according to the method described in claim 1, it is characterized in that, described passed the system log received by Transmission Control Protocol Further include before the log processing tool being defeated by the Network Management Equipment:
The system log is filtered according to default filtering rule;Wherein, the default filtering rule is used to indicate described Receiver refusal specifies source IP address or/and including specifying the system log of content to pass through;
It is described that system log is transferred to by the log processing tool in the Network Management Equipment by Transmission Control Protocol, including:
The log processing tool being transferred to filtered system log by Transmission Control Protocol in the network management system.
3. according to the method described in claim 1, it is characterized in that, the Network Management Equipment includes multiple log processing tool structures At log processing tool cluster;
It is described that the system log received is transferred to by the log processing tool in the Network Management Equipment by Transmission Control Protocol, including:
According to default load balancing strategy, the system log received is transferred to by the log processing tool by Transmission Control Protocol Each log processing tool in cluster.
4. according to the method described in claim 1, it is characterized in that, described will be received by transmission control protocol TCP agreement System log be transferred to the log processing tool in the Network Management Equipment, including:
The system log received is written by Transmission Control Protocol and specifies message queue, by the log processing in the Network Management Equipment Tool reads system log from the specified message queue.
5. according to claim 1-4 any one of them methods, which is characterized in that the specified message queue includes multiple sub- teams Row;
The described system log received is written by Transmission Control Protocol specifies message queue, including:
According to default load balancing strategy, the system log received is written in the specified message queue by Transmission Control Protocol Each subqueue, by each log processing tool in log processing tool cluster respectively from corresponding subqueue read system day Will.
6. according to the method described in claim 5, it is characterized in that, described according to default load balancing strategy, pass through Transmission Control Protocol Each subqueue in the specified message queue is written into the system log received, including:
Each subqueue that will be specified described in the system log recurrent wrIting received in message queue by Transmission Control Protocol.
7. a kind of system log transmitting device, which is characterized in that be applied to include managed devices, receiver and Network Management Equipment System log Transmission system in receiver, the receiver is based on User Datagram Protocol UDP socket Socket exploitation, And support transmission control protocol TCP agreement, log processing tool is installed in the Network Management Equipment, described device includes:
Receiving unit, the system log for receiving managed devices transmission;
Transmission unit, the log processing for being transferred to the system log received by Transmission Control Protocol in the Network Management Equipment Tool.
8. device according to claim 7, which is characterized in that described device further includes:
Filter element, for being filtered to the system log according to default filtering rule;Wherein, the default filtering rule It is used to indicate the receiver refusal and specifies source IP address or/and including specifying the system log of content to pass through;
The transmission unit, specifically for filtered system log is transferred in the network management system by Transmission Control Protocol Log processing tool.
9. device according to claim 7, which is characterized in that the Network Management Equipment includes multiple log processing tool structures At log processing tool cluster;
The transmission unit, is specifically used for according to default load balancing strategy, is passed the system log received by Transmission Control Protocol Each log processing tool being defeated by the log processing tool cluster.
10. device according to claim 7, which is characterized in that
The transmission unit specifies message queue, by described specifically for the system log received is written by Transmission Control Protocol Log processing tool in Network Management Equipment reads system log from the specified message queue.
11. according to claim 7-10 any one of them devices, which is characterized in that the specified message queue includes multiple sons Queue;
The transmission unit is specifically used for, according to default load balancing strategy, writing the system log received by Transmission Control Protocol Enter each subqueue in the specified message queue, by each log processing tool in log processing tool cluster respectively from corresponding System log is read in subqueue.
12. according to the devices described in claim 11, which is characterized in that
The transmission unit, specifically for message team will be specified described in the system log recurrent wrIting received by Transmission Control Protocol Each subqueue in row.
CN201810362684.8A 2018-04-20 2018-04-20 A kind of system log transmission method and device Pending CN108718295A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810362684.8A CN108718295A (en) 2018-04-20 2018-04-20 A kind of system log transmission method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810362684.8A CN108718295A (en) 2018-04-20 2018-04-20 A kind of system log transmission method and device

Publications (1)

Publication Number Publication Date
CN108718295A true CN108718295A (en) 2018-10-30

Family

ID=63899227

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810362684.8A Pending CN108718295A (en) 2018-04-20 2018-04-20 A kind of system log transmission method and device

Country Status (1)

Country Link
CN (1) CN108718295A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101052034A (en) * 2006-04-19 2007-10-10 华为技术有限公司 Method and system for transmitting network event journal protocol message
CN101662480A (en) * 2009-09-01 2010-03-03 卡斯柯信号有限公司 Log system based on access control
CN102195795A (en) * 2010-03-19 2011-09-21 Tcl集团股份有限公司 Intelligent district log system and log recording method thereof
CN102394790A (en) * 2011-09-29 2012-03-28 航天科工深圳(集团)有限公司 On-line monitoring device and monitoring method of analog transmission line
CN104144071A (en) * 2013-05-10 2014-11-12 北京新媒传信科技有限公司 System log processing method and platform
WO2017223342A1 (en) * 2016-06-22 2017-12-28 Ntt Innovation Institute, Inc. Botnet detection system and method

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101052034A (en) * 2006-04-19 2007-10-10 华为技术有限公司 Method and system for transmitting network event journal protocol message
CN101662480A (en) * 2009-09-01 2010-03-03 卡斯柯信号有限公司 Log system based on access control
CN102195795A (en) * 2010-03-19 2011-09-21 Tcl集团股份有限公司 Intelligent district log system and log recording method thereof
CN102394790A (en) * 2011-09-29 2012-03-28 航天科工深圳(集团)有限公司 On-line monitoring device and monitoring method of analog transmission line
CN104144071A (en) * 2013-05-10 2014-11-12 北京新媒传信科技有限公司 System log processing method and platform
WO2017223342A1 (en) * 2016-06-22 2017-12-28 Ntt Innovation Institute, Inc. Botnet detection system and method

Similar Documents

Publication Publication Date Title
JP7085565B2 (en) Intelligent thread management across isolated network stacks
CN105554065B (en) Handle method, converting unit and the applying unit of message
US5060140A (en) Universal programmable data communication connection system
JP3640187B2 (en) Fault processing method for multiprocessor system, multiprocessor system and node
CN101702735B (en) TCP service device and method
US8554980B2 (en) Triggered notification
CN108881158A (en) Data interaction system and method
CN105989539A (en) Financial trading condition acquisition system and method
CN103139157B (en) A kind of based on the network communication method of socket, Apparatus and system
JP2005539298A (en) Method and system for remotely and dynamically configuring a server
CN101707608A (en) Method and device for automatically testing application layer protocol
CN106357761A (en) Distributed message communication middleware implementation software system based on real-time operating system
US20200012517A1 (en) Computer system infrastructure and method of hosting an application software
CN110768862B (en) Cloud platform physical link connectivity detection device, method and system
CN106452951A (en) Information processing method, device and system
KR20160022327A (en) Methods for managing transaction in software defined networking network
CN105763599B (en) T-CDP implementation method and device under a kind of IPSAN
CN108718295A (en) A kind of system log transmission method and device
WO2015196694A1 (en) Single-board log information storage method and system
US10333792B2 (en) Modular controller in software-defined networking environment and operating method thereof
CN101577647B (en) Alarm box in support of multi-VLAN and processing method of alarming thereof
CN114237914A (en) Management scheduling system based on hybrid cloud
CN111726329B (en) Method for cloud management of gas station system
CN103491079B (en) Message generating device, server and method
US20090043561A1 (en) system and a method for a multi device emulation in network management system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20181030