CN108718295A - A kind of system log transmission method and device - Google Patents
A kind of system log transmission method and device Download PDFInfo
- Publication number
- CN108718295A CN108718295A CN201810362684.8A CN201810362684A CN108718295A CN 108718295 A CN108718295 A CN 108718295A CN 201810362684 A CN201810362684 A CN 201810362684A CN 108718295 A CN108718295 A CN 108718295A
- Authority
- CN
- China
- Prior art keywords
- log
- system log
- processing tool
- control protocol
- transmission control
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/16—Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
- H04L69/161—Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields
- H04L69/162—Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields involving adaptations of sockets based mechanisms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/069—Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/12—Avoiding congestion; Recovering from congestion
- H04L47/125—Avoiding congestion; Recovering from congestion by balancing the load, e.g. traffic engineering
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/20—Traffic policing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0263—Rule management
Abstract
A kind of system log transmission method of present invention offer and device, this method include:Receive the system log that managed devices are sent;The log processing tool being transferred to the system log received by transmission control protocol TCP agreement in the Network Management Equipment.System log efficiency of transmission can be improved using the embodiment of the present invention, reduces packet loss.
Description
Technical field
The present invention relates to network communication technology field more particularly to a kind of system log transmission methods and device.
Background technology
Syslog (system log) agreement is a forwarding system in IP (Internet Protocol, Internet protocol)
The standard of system log information.The Syslog received in webmastering software is usually run by the recording equipment that equipment generates and sends
The daily record of event.
Network Management Equipment can carry out analyzing processing by specific log processing tool to the Syslog received, to judge
The state of equipment operation, the Syslog of the abnormality for that can reflect equipment need to upgrade to alarm, notify maintenance personnel
It is handled.
Currently, Network Management Equipment receive pipe equipment (referred to herein as managed devices) usually by UDP (User
Datagram Protocol, User Datagram Protocol) system log is transferred to the log processing work in Network Management Equipment by agreement
Tool carries out analyzing processing by the log processing tool in Network Management Equipment to system log.
However practice is found, existing log processing tool to the receptivity of the system log transmitted by udp protocol compared with
Difference, and packet loss is higher, causes the transmission performance of existing system daily record poor, packet loss is higher.
Invention content
A kind of system log transmission method of present invention offer and device, to solve system in existing system log transmission scheme
Log transmission poor performance, the high problem of packet loss.
According to a first aspect of the embodiments of the present invention, a kind of system log transmission method is provided, applied to including being managed
Receiver in the system log Transmission system of equipment, receiver and Network Management Equipment, the receiver are based on UDP Socket
Exploitation, and support Transmission Control Protocol, log processing tool is installed in the Network Management Equipment, the method includes:
Receive the system log that managed devices are sent;
The log processing tool being transferred to the system log received by Transmission Control Protocol in the Network Management Equipment.
According to a second aspect of the embodiments of the present invention, a kind of system log transmitting device is provided, applied to including being managed
Receiver in the system log Transmission system of equipment, receiver and Network Management Equipment, the receiver are based on user UDP
Socket is developed, and supports Transmission Control Protocol, is equipped with log processing tool in the Network Management Equipment, described device includes:
Receiving unit, the system log for receiving managed devices transmission;
Transmission unit, the daily record for being transferred to the system log received by Transmission Control Protocol in the Network Management Equipment
Handling implement.
Using the embodiment of the present invention, by being disposed in system log Transmission system based on UDP Socket exploitations, and prop up
The receiver of Transmission Control Protocol is held, the system log of managed devices is sent to receiver, will be received by Transmission Control Protocol by receiver
To system log be transferred to the log processing tool in Network Management Equipment, improve system log efficiency of transmission, reduce packet loss
Rate.
Description of the drawings
Fig. 1 is a kind of configuration diagram of system log Transmission system provided in an embodiment of the present invention;
Fig. 2 is a kind of flow diagram of system log transmission method provided in an embodiment of the present invention;
Fig. 3 is the flow diagram of another system log transmission method provided in an embodiment of the present invention;
Fig. 4 is a kind of configuration diagram of concrete application scene provided in an embodiment of the present invention;
Fig. 5 is a kind of structural schematic diagram of system log transmitting device provided in an embodiment of the present invention;
Fig. 6 is the structural schematic diagram of another system log transmitting device provided in an embodiment of the present invention.
Specific implementation mode
In order to make those skilled in the art more fully understand the technical solution in the embodiment of the present invention, below first to this hair
The applicable network architecture of bright embodiment is briefly described.
Fig. 1 is referred to, is a kind of configuration diagram of system log Transmission system provided in an embodiment of the present invention, such as Fig. 1
It is shown, can also include receiver in the system log Transmission system other than including Network Management Equipment and managed devices,
Wherein, which is developed based on UDP Socket (socket), has preferable receive to the data transmitted by udp protocol
Performance can receive the system log that managed devices are transmitted by udp protocol, and the receiver supports TCP
(Transmission Control Protocol, transmission control protocol) agreement, can by Transmission Control Protocol Transmission system daily record,
Log processing tool is installed in Network Management Equipment.Receiver in the present invention can be existed with software forms, naturally it is also possible to
Exist with hardware state.Being illustrated by taking receiver existing for software forms as an example in the following embodiments of the present invention.
In system log Transmission system shown in Fig. 1, it is contemplated that log processing tool is to what is transmitted by udp protocol
The receptivity of system daily record is poor, meanwhile, managed devices directly pass through the realization method that Transmission Control Protocol sends system log, meeting
Cause application scenarios limited since part managed devices do not support Transmission Control Protocol, managed devices are no longer directly by system day
Will is transferred to the log processing tool in Network Management Equipment, but system log is first transferred to receiver, is then led to by receiver
Cross the log processing tool that the system log received is transferred in Network Management Equipment by Transmission Control Protocol, to, be not required to it is to be managed
Under the premise of equipment supports Transmission Control Protocol, realize at the daily record that system log is transferred in Network Management Equipment by Transmission Control Protocol
Science and engineering has, and improves the efficiency of system log transmission, and reduces packet loss.
In order to keep the above objects, features, and advantages of the embodiment of the present invention more obvious and easy to understand, below in conjunction with the accompanying drawings
Technical solution in the embodiment of the present invention is described in further detail.
Fig. 2 is referred to, is a kind of flow diagram of system log transmission method provided in an embodiment of the present invention, wherein
The system log transmission method can be applied to the receiver in method example shown in Fig. 1, as shown in Fig. 2, the system log passes
Transmission method may comprise steps of:
Step 201 receives the system log that managed devices are sent.
In the embodiment of the present invention, in order to realize that managed devices send system log to receiver, it can be set being managed
The transmission target of standby upper setting system log, is set to IP address and the port of receiver, in turn, managed devices can
According to the IP address of set receiver and port, system log is sent to receiver.
Wherein, managed devices can send system log by udp protocol or Transmission Control Protocol to receiver.
Step 202, the log processing tool being transferred to the system log received by Transmission Control Protocol in Network Management Equipment.
In the embodiment of the present invention, it is contemplated that currently used log processing tool is to the data transmitted by udp protocol
Receptivity is poor, and packet loss is higher, when receiver receives the system log of managed devices transmission, can pass through TCP
The system log received is transferred to the log processing tool in Network Management Equipment by agreement.
As it can be seen that in method flow shown in Fig. 2, developed based on UDP Socket by disposing in systems, and supports TCP
Relay device of the receiver of agreement as system log, managed devices can be by Transmission Control Protocol or udp protocols by system day
Will is sent to receiver, and the log processing tool in Network Management Equipment is transferred to by Transmission Control Protocol by receiver, need not be by pipe
Under the premise of managing equipment support Transmission Control Protocol, the transmission performance of system log is improved, and reduce packet loss.
The present invention in one embodiment, the system log received is transferred to webmaster above by Transmission Control Protocol
Before log processing tool in equipment, can also include:
System log is filtered according to default filtering rule;Wherein, which is used to indicate receiver
To specifying source IP address or/and including specifying the system log of content to be filtered;
Correspondingly, the log processing work being transferred to the system log received above by Transmission Control Protocol in Network Management Equipment
Have, may include:
The log processing tool being transferred to filtered system log by Transmission Control Protocol in network management system.
It in this embodiment, can be by the part of log processing tool in order to reduce the operating pressure of log processing tool
Filtration is transferred to receiver processing.
Specifically, in this embodiment it is possible to be configured to the rule being filtered to system log on the receiver in advance
Then (referred to herein as default filtering rule), which can serve to indicate that receiver refusal specifies source IP address
Or/and including specifying the system log of content to pass through.
When receiver receives the system log of managed devices transmission, can be inquired according to the system log received
Default filtering rule, and processing is filtered to system log according to query result.
As an example it is assumed that default filtering rule is to refuse the system log that source IP address is IP1 to pass through, then work as receiver
When receiving system log, the source IP address that can inquire the system log (sends the managed devices of the system log
IP address), determine whether the source IP address of the system log is IP1, if so, the system log is transferred to webmaster and set by refusal
Log processing tool in standby, such as abandons the system log.
Again as an example it is assumed that default filtering rule is the system log that refusal includes I/O rate (input and output rate)
Pass through, then when receiving system log, the content of the system log can be inquired, determine in the content of the system log whether
Including I/O rate, if so, the system log is transferred to the log processing tool in Network Management Equipment by refusal, such as abandoning this is
System daily record.
In this embodiment, receiver is filtered processing according to default filtering rule to the system log received
Afterwards, the log processing tool that filtered system log can be transferred in Network Management Equipment, and then log processing can be reduced
The operating pressure of tool.
May include that multiple log processing tools are constituted in one embodiment, in above-mentioned Network Management Equipment in the present invention
Log processing tool cluster;
Correspondingly, the log processing work being transferred to the system log received above by Transmission Control Protocol in Network Management Equipment
Have, may include:
According to default load balancing strategy, the system log received is transferred to by Network Management Equipment cluster by Transmission Control Protocol
In each Network Management Equipment log processing tool.
In this embodiment, the Network Management Equipment of system log Transmission system includes the daily record that multiple log processing tools are constituted
Handling implement cluster improves the reliability and stability of system so as to avoid Single Point of Faliure.
Wherein, multiple log processing tool may be mounted in one or more Network Management Equipments.
It, can in advance in the receiver in order to realize the load balancing of each log processing tool in log processing tool cluster
Configuration load shares strategy (referred to herein as default load balancing strategy).
Wherein, each system log circle transmission which can include but is not limited to receive is to daily record
Each log processing tool in handling implement cluster, alternatively, giving each system log opportunistic transmission received to reception system log
(in this case, receiver needs to record the system log for being transferred to each log processing tool minimum log processing tool
Quantity) etc..
For example, it is to give each system log circle transmission received to log processing tool set with load balancing strategy
In group for each log processing tool, it is assumed that Network Management Equipment includes the log processing tool being made of log processing tool 1~3
Cluster, then receiver the receive the 1st system log can be transferred to log processing tool 1, be by the receive the 2nd
Receive the 3rd system log is transferred to log processing tool 3, will received by log transmission of uniting to log processing tool 2
The 4th system log be transferred to log processing tool 1 ... and so on.
It correspondingly, in this embodiment, can be according to default load balancing strategy when receiver receives system log
Each system log received is transferred to each log processing tool in log processing tool cluster.
It should be noted that in this embodiment, receiver will be connect according to default load balancing strategy by Transmission Control Protocol
The system log received is transferred in log processing tool cluster before each log processing tool, can also be first according to default filtering
Rule is filtered the system log received, and specific implementation repeats no more herein.
Fig. 3 is referred to, is the flow diagram of another system log transmission method provided in an embodiment of the present invention,
In, which can be applied to the receiver in method example shown in Fig. 1, as shown in figure 3, the system log
Transmission method may comprise steps of:
Step 301 receives the system log that managed devices are sent.
In the embodiment of the present invention, the specific implementation of step 301 may refer to the associated description in step 201, and the present invention is real
Applying example, details are not described herein.
The system log received is written by Transmission Control Protocol and specifies message queue by step 302, by Network Management Equipment
Log processing tool reads system log from specified message queue.
It, can be in system log Transmission system in order to further provide for system log efficiency of transmission in the embodiment of the present invention
Middle setting message queue (referred to herein as specified message queue), when receiver receives system log, can pass through Transmission Control Protocol
The system log received is written and specifies message queue, message queue is specified from this by the log processing tool in Network Management Equipment
Middle reading system log.
The present invention in one embodiment, above-mentioned Network Management Equipment includes the daily record of multiple log processing tools compositions
Handling implement cluster, above-mentioned specified message queue may include multiple subqueues;
It should be noted that in this embodiment, multiple subqueue can belong to same message queue, can also return
Belong to multiple and different message queues.
Correspondingly, the system log received is written above by Transmission Control Protocol and specifies message queue, may include:
According to default load balancing strategy, the system log received is written by Transmission Control Protocol and is specified in message queue
Each subqueue, by each log processing tool in log processing tool cluster respectively from corresponding subqueue read system day
Will.
In this embodiment, in order to avoid Single Point of Faliure, the reliability and stability of system, system log transmission system are improved
The Network Management Equipment of system may include the log processing tool cluster that multiple log processing tools are constituted.
Wherein, multiple log processing tool may be mounted in one or more Network Management Equipments.
In order to realize the load balancing of each log processing tool in log processing tool cluster, on the one hand, can be specified
Multiple subqueues are set in message queue, and the correspondence of each subqueue and log processing tool is set;Optionally, each sub- team
Row can be one-to-one relationship with the log processing tool in log processing tool cluster.Certainly, each subqueue and daily record
Log processing tool in handling implement cluster can also be many-to-one relationship.It on the other hand, can in advance in the receiver
Configuration load shares strategy (referred to herein as default load balancing strategy).
Wherein, which can include but is not limited to specify each system log recurrent wrIting received and disappear
Each subqueue for ceasing queue, alternatively, giving writing system daily record minimum subqueue each system log random writing received
(in this case, receiver needs to record the quantity for the system log that each subqueue is written) etc..
Correspondingly, in this embodiment, when receiver receives system log, can according to default load balancing strategy,
Each system log received is respectively written into each subqueue in specified message queue by Transmission Control Protocol, by log processing work
Each log processing tool reads system log from corresponding subqueue respectively in tool cluster, to realize each log processing tool
Load balancing.
As it can be seen that in method flow shown in Fig. 3, by the way that message queue is arranged in systems, receiver receives system day
When will, the system log received is written in the message queue by Transmission Control Protocol, by log processing tool from the message queue
Middle reading system log, further improves system log efficiency of transmission.
In a kind of optional embodiment, message queue can be Kafka message queues, and log processing tool is
Logstash.It is verified, system log is first put into Kafka, Logstash reads system log from Kafka again, can be with
Promote the performance that Logstash itself receives system log.
In order to make those skilled in the art more fully understand technical solution provided in an embodiment of the present invention, with reference to specific
Application scenarios illustrate technical solution provided in an embodiment of the present invention.
Fig. 4 is referred to, is a kind of configuration diagram of concrete application scene provided in an embodiment of the present invention, wherein at this
In embodiment, with message queue for Kafka message queues, the log processing tool installed in Network Management Equipment is that Logstash is
Example, as shown in figure 4, the application scenarios include managed devices, (based on UDP Socket exploitations, and support TCP is assisted receiver
View), Kafka clusters and Logstash clusters.
Wherein, Kafka clusters are provided with multiple subregions under same subject (Topic) (to include in Partition, Fig. 4
For 3 Partition (Partition0~Partition2), wherein a Partition is corresponded in above-described embodiment
One subqueue), each subregion and each Logstash in Logstash clusters are one-one relationship in Kafka clusters.
It should be noted that in practical applications, each subregion and each Logstash in Logstash clusters in Kafka clusters
It may be many-to-one relationship.
In this embodiment, the components such as receiver, Logstash, Kafka are distributed according to hardware resource, are deployed in different
In virtual machine or container.
On managed devices be arranged system log transmission target be receiver, that is, be configured with receiver IP address and
Port;In receiver configured with refusal specify source IP address or/and including specify content system log by filtering rule,
And (i.e. Partition0~Partition2 returns by Topic is specified in the system log recurrent wrIting Kafka clusters received
The Topic of category) under each subregion (i.e. Partition0~Partition2) load balancing strategy, and be configured with Kafka clusters
Address of service and specified Topic;Kafka interfaces are provided in Logstash clusters in each Logstash, the Kafka interfaces
Bind Kafka cluster services address and specified Topic.
Application scenarios based on shown in Fig. 4, system log transmission plan implementation process provided in an embodiment of the present invention are as follows:
1, managed devices send system log to receiver.
In this embodiment, managed devices can send system log by udp protocol or Transmission Control Protocol to receiver.
Preferably for the managed devices for supporting Transmission Control Protocol, system day is preferentially sent to receiver by Transmission Control Protocol
Will, to reduce packet loss.
2, receiver refusal specifies source IP address or/and including specifying the system log of content to pass through.
In this embodiment, it when receiver receives system log, can be inquired according to the system log received advance
The filtering rule of configuration, for matched system log, i.e., specified source IP address or/and the system log including specifying content,
Receiver can refuse the system log can abandon the system log by, for example, receiver;For unmatched system day
Will, receiver can execute subsequent processing.
3, each subregion that receiver will be specified under Topic in filtered system log recurrent wrIting to Kafka clusters.
For example, receiver can start a counter, the initial value of the counter is 0, and receiver is every time to Kafka collection
When specifying the subregion writing system daily record under Topic in group, using the value of counter to number of partitions remainder, using result as need
The ID for the subregion to be written often writes primary system daily record, and the value of counter is added 1.
Correspondingly, when Kafka clusters are written in system log by receiver the 1st time, system log can be written
Partition1 can be written when the 2nd time Kafka clusters are written in system log in system log by Partition0, the 3rd time
When Kafka clusters are written in system log, system log can be written to Partition2, system log is written the 4th
When Kafka clusters, Partition0 can be written in system log ... and so on.
4, each Logstash reads system log from corresponding subregion respectively in Logstash clusters.
By above description as can be seen that in technical solution provided in an embodiment of the present invention, by being passed in system log
Deployment is based on UDP Socket exploitations in defeated system, and supports the receiver of Transmission Control Protocol, and the system log of managed devices is sent
To receiver, the system log received is transferred to by the log processing tool in Network Management Equipment by Transmission Control Protocol by receiver,
System log efficiency of transmission is improved, packet loss is reduced.
Fig. 5 is referred to, is a kind of structural schematic diagram of system log transmitting device provided in an embodiment of the present invention, wherein
The device can be applied to the receiver in above method embodiment, as shown in figure 5, the system log transmitting device can wrap
It includes:
Receiving unit 510, the system log for receiving managed devices transmission;
Transmission unit 520, the day for being transferred to the system log received by Transmission Control Protocol in the Network Management Equipment
Will handling implement.
It is the structural schematic diagram of another system log transmitting device provided in an embodiment of the present invention please also refer to Fig. 6,
As shown in fig. 6, on the basis of system log transmitting device shown in Fig. 5, system shown in Figure 6 log transmission device can also wrap
It includes:
Filter element 530, for being filtered to the system log according to default filtering rule;Wherein, described default
Filtering rule is used to indicate the receiver refusal and specifies source IP address or/and including specifying the system log of content to pass through;
Filtered system log is transferred to the webmaster system by the transmission unit 520 specifically for passing through Transmission Control Protocol
Log processing tool in system.
In an alternative embodiment, the Network Management Equipment includes the log processing tool set that multiple log processing tools are constituted
Group;
Correspondingly, the transmission unit 520 is specifically used for, according to default load balancing strategy, to receive by Transmission Control Protocol
To system log be transferred to each log processing tool in the log processing tool cluster.
In an alternative embodiment, the transmission unit 520, specifically for the system log that will be received by Transmission Control Protocol
Message queue is specified in write-in, and system day is read from the specified message queue by the log processing tool in the Network Management Equipment
Will.
In an alternative embodiment, the Network Management Equipment includes the log processing tool set that multiple log processing tools are constituted
Group, the specified message queue includes multiple subregions;
Correspondingly, the transmission unit 520 is specifically used for, according to default load balancing strategy, to receive by Transmission Control Protocol
To system log each subregion in the specified message queue is written, by each log processing in the log processing tool cluster
Tool reads system log from corresponding subregion respectively.
In an alternative embodiment, the transmission unit 520, specifically for the system log that will be received by Transmission Control Protocol
Each subregion in message queue is specified described in recurrent wrIting.
The function of each unit and the realization process of effect specifically refer to and correspond to step in the above method in above-mentioned apparatus
Realization process, details are not described herein.
For device embodiments, since it corresponds essentially to embodiment of the method, so related place is referring to method reality
Apply the part explanation of example.The apparatus embodiments described above are merely exemplary, wherein described be used as separating component
The unit of explanation may or may not be physically separated, and the component shown as unit can be or can also
It is not physical unit, you can be located at a place, or may be distributed over multiple network units.It can be according to actual
It needs that some or all of module therein is selected to realize the purpose of the present invention program.Those of ordinary skill in the art are not paying
In the case of going out creative work, you can to understand and implement.
As seen from the above-described embodiment, it by being disposed in system log Transmission system based on UDP Socket exploitations, and props up
The receiver of Transmission Control Protocol is held, the system log of managed devices is sent to receiver, will be received by Transmission Control Protocol by receiver
To system log be transferred to the log processing tool in Network Management Equipment, improve system log efficiency of transmission, reduce packet loss
Rate.
Those skilled in the art after considering the specification and implementing the invention disclosed here, will readily occur to its of the present invention
Its embodiment.This application is intended to cover the present invention any variations, uses, or adaptations, these modifications, purposes or
Person's adaptive change follows the general principle of the present invention and includes undocumented common knowledge in the art of the invention
Or conventional techniques.The description and examples are only to be considered as illustrative, and true scope and spirit of the invention are by following
Claim is pointed out.
It should be understood that the invention is not limited in the precision architectures for being described above and being shown in the accompanying drawings, and
And various modifications and changes may be made without departing from the scope thereof.The scope of the present invention is limited only by the attached claims.
Claims (12)
1. a kind of system log transmission method, which is characterized in that be applied to include managed devices, receiver and Network Management Equipment
System log Transmission system in receiver, the receiver is based on User Datagram Protocol UDP socket Socket exploitation,
And support transmission control protocol TCP agreement, log processing tool is installed in the Network Management Equipment, the method includes:
Receive the system log that managed devices are sent;
The log processing tool being transferred to the system log received by Transmission Control Protocol in the Network Management Equipment.
2. according to the method described in claim 1, it is characterized in that, described passed the system log received by Transmission Control Protocol
Further include before the log processing tool being defeated by the Network Management Equipment:
The system log is filtered according to default filtering rule;Wherein, the default filtering rule is used to indicate described
Receiver refusal specifies source IP address or/and including specifying the system log of content to pass through;
It is described that system log is transferred to by the log processing tool in the Network Management Equipment by Transmission Control Protocol, including:
The log processing tool being transferred to filtered system log by Transmission Control Protocol in the network management system.
3. according to the method described in claim 1, it is characterized in that, the Network Management Equipment includes multiple log processing tool structures
At log processing tool cluster;
It is described that the system log received is transferred to by the log processing tool in the Network Management Equipment by Transmission Control Protocol, including:
According to default load balancing strategy, the system log received is transferred to by the log processing tool by Transmission Control Protocol
Each log processing tool in cluster.
4. according to the method described in claim 1, it is characterized in that, described will be received by transmission control protocol TCP agreement
System log be transferred to the log processing tool in the Network Management Equipment, including:
The system log received is written by Transmission Control Protocol and specifies message queue, by the log processing in the Network Management Equipment
Tool reads system log from the specified message queue.
5. according to claim 1-4 any one of them methods, which is characterized in that the specified message queue includes multiple sub- teams
Row;
The described system log received is written by Transmission Control Protocol specifies message queue, including:
According to default load balancing strategy, the system log received is written in the specified message queue by Transmission Control Protocol
Each subqueue, by each log processing tool in log processing tool cluster respectively from corresponding subqueue read system day
Will.
6. according to the method described in claim 5, it is characterized in that, described according to default load balancing strategy, pass through Transmission Control Protocol
Each subqueue in the specified message queue is written into the system log received, including:
Each subqueue that will be specified described in the system log recurrent wrIting received in message queue by Transmission Control Protocol.
7. a kind of system log transmitting device, which is characterized in that be applied to include managed devices, receiver and Network Management Equipment
System log Transmission system in receiver, the receiver is based on User Datagram Protocol UDP socket Socket exploitation,
And support transmission control protocol TCP agreement, log processing tool is installed in the Network Management Equipment, described device includes:
Receiving unit, the system log for receiving managed devices transmission;
Transmission unit, the log processing for being transferred to the system log received by Transmission Control Protocol in the Network Management Equipment
Tool.
8. device according to claim 7, which is characterized in that described device further includes:
Filter element, for being filtered to the system log according to default filtering rule;Wherein, the default filtering rule
It is used to indicate the receiver refusal and specifies source IP address or/and including specifying the system log of content to pass through;
The transmission unit, specifically for filtered system log is transferred in the network management system by Transmission Control Protocol
Log processing tool.
9. device according to claim 7, which is characterized in that the Network Management Equipment includes multiple log processing tool structures
At log processing tool cluster;
The transmission unit, is specifically used for according to default load balancing strategy, is passed the system log received by Transmission Control Protocol
Each log processing tool being defeated by the log processing tool cluster.
10. device according to claim 7, which is characterized in that
The transmission unit specifies message queue, by described specifically for the system log received is written by Transmission Control Protocol
Log processing tool in Network Management Equipment reads system log from the specified message queue.
11. according to claim 7-10 any one of them devices, which is characterized in that the specified message queue includes multiple sons
Queue;
The transmission unit is specifically used for, according to default load balancing strategy, writing the system log received by Transmission Control Protocol
Enter each subqueue in the specified message queue, by each log processing tool in log processing tool cluster respectively from corresponding
System log is read in subqueue.
12. according to the devices described in claim 11, which is characterized in that
The transmission unit, specifically for message team will be specified described in the system log recurrent wrIting received by Transmission Control Protocol
Each subqueue in row.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810362684.8A CN108718295A (en) | 2018-04-20 | 2018-04-20 | A kind of system log transmission method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810362684.8A CN108718295A (en) | 2018-04-20 | 2018-04-20 | A kind of system log transmission method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108718295A true CN108718295A (en) | 2018-10-30 |
Family
ID=63899227
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810362684.8A Pending CN108718295A (en) | 2018-04-20 | 2018-04-20 | A kind of system log transmission method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108718295A (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101052034A (en) * | 2006-04-19 | 2007-10-10 | 华为技术有限公司 | Method and system for transmitting network event journal protocol message |
CN101662480A (en) * | 2009-09-01 | 2010-03-03 | 卡斯柯信号有限公司 | Log system based on access control |
CN102195795A (en) * | 2010-03-19 | 2011-09-21 | Tcl集团股份有限公司 | Intelligent district log system and log recording method thereof |
CN102394790A (en) * | 2011-09-29 | 2012-03-28 | 航天科工深圳(集团)有限公司 | On-line monitoring device and monitoring method of analog transmission line |
CN104144071A (en) * | 2013-05-10 | 2014-11-12 | 北京新媒传信科技有限公司 | System log processing method and platform |
WO2017223342A1 (en) * | 2016-06-22 | 2017-12-28 | Ntt Innovation Institute, Inc. | Botnet detection system and method |
-
2018
- 2018-04-20 CN CN201810362684.8A patent/CN108718295A/en active Pending
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101052034A (en) * | 2006-04-19 | 2007-10-10 | 华为技术有限公司 | Method and system for transmitting network event journal protocol message |
CN101662480A (en) * | 2009-09-01 | 2010-03-03 | 卡斯柯信号有限公司 | Log system based on access control |
CN102195795A (en) * | 2010-03-19 | 2011-09-21 | Tcl集团股份有限公司 | Intelligent district log system and log recording method thereof |
CN102394790A (en) * | 2011-09-29 | 2012-03-28 | 航天科工深圳(集团)有限公司 | On-line monitoring device and monitoring method of analog transmission line |
CN104144071A (en) * | 2013-05-10 | 2014-11-12 | 北京新媒传信科技有限公司 | System log processing method and platform |
WO2017223342A1 (en) * | 2016-06-22 | 2017-12-28 | Ntt Innovation Institute, Inc. | Botnet detection system and method |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP7085565B2 (en) | Intelligent thread management across isolated network stacks | |
CN105554065B (en) | Handle method, converting unit and the applying unit of message | |
US5060140A (en) | Universal programmable data communication connection system | |
JP3640187B2 (en) | Fault processing method for multiprocessor system, multiprocessor system and node | |
CN101702735B (en) | TCP service device and method | |
US8554980B2 (en) | Triggered notification | |
CN108881158A (en) | Data interaction system and method | |
CN105989539A (en) | Financial trading condition acquisition system and method | |
CN103139157B (en) | A kind of based on the network communication method of socket, Apparatus and system | |
JP2005539298A (en) | Method and system for remotely and dynamically configuring a server | |
CN101707608A (en) | Method and device for automatically testing application layer protocol | |
CN106357761A (en) | Distributed message communication middleware implementation software system based on real-time operating system | |
US20200012517A1 (en) | Computer system infrastructure and method of hosting an application software | |
CN110768862B (en) | Cloud platform physical link connectivity detection device, method and system | |
CN106452951A (en) | Information processing method, device and system | |
KR20160022327A (en) | Methods for managing transaction in software defined networking network | |
CN105763599B (en) | T-CDP implementation method and device under a kind of IPSAN | |
CN108718295A (en) | A kind of system log transmission method and device | |
WO2015196694A1 (en) | Single-board log information storage method and system | |
US10333792B2 (en) | Modular controller in software-defined networking environment and operating method thereof | |
CN101577647B (en) | Alarm box in support of multi-VLAN and processing method of alarming thereof | |
CN114237914A (en) | Management scheduling system based on hybrid cloud | |
CN111726329B (en) | Method for cloud management of gas station system | |
CN103491079B (en) | Message generating device, server and method | |
US20090043561A1 (en) | system and a method for a multi device emulation in network management system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20181030 |