CN109614294A - Enterprise's log analysis access system - Google Patents

Enterprise's log analysis access system

Publication number
CN109614294A
Authority
CN
China
Prior art keywords
management
thread
log
outer net
host
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811529773.3A
Other languages
Chinese (zh)
Inventor
董垭楠
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Henan Fengfeng Information Technology Co Ltd
Original Assignee
Henan Fengfeng Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Henan Fengfeng Information Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/30 Monitoring
    • G06F11/3003 Monitoring arrangements specially adapted to the computing system or computing system component being monitored
    • G06F11/302 Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system component is a software system
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/30 Monitoring
    • G06F11/3065 Monitoring arrangements determined by the means or processing involved in reporting the monitored data
    • G06F11/3072 Monitoring arrangements determined by the means or processing involved in reporting the monitored data where the reporting involves data filtering, e.g. pattern matching, time or event triggered, adaptive or policy-based reporting

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Quality & Reliability (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Mathematical Physics (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses an enterprise log analysis access system, belonging to the field of access systems. The system comprises network anomaly monitoring, application process management, thread management, centralized log management, log classification management and log storage management. The network is checked to determine whether it is secure; if it is, the external network request is accepted and distributed to application process management, which manages it in a unified manner. Application process management distributes the request to thread management, which decides whether it runs and with what priority. When thread management runs a thread, the thread's data is received and forwarded to centralized log management, which sends it to the server for temporary storage. The thread data is also sent to log classification management, where it is classified in the MAP (KEY, VALUE) manner, and the classified data is then sent to log storage management for recording. The invention provides a system for unified, classified log management and reduces unnecessary memory usage on the server.

Description

Enterprise's log analysis access system
Technical field
The invention belongs to the field of access systems and relates to an enterprise log analysis access system.
Background
With the rapid development of information technology and the steady increase in enterprise informatization, multi-service converged broadband networks have become an important guarantee of normal enterprise operation. To ensure a stable, secure and efficient network operating environment, administrators have to face many problems.
The existing problem is excessive reliance on administrators: information must be extracted manually and checked item by item by hand, and a centralized, unified and efficient platform for managing and displaying log information is lacking.
Summary of the invention
The object of the invention is to provide an enterprise log analysis access system that can screen all logs and manage them in a unified manner, reducing unnecessary memory usage on the server and facilitating classified management.
The technical solution adopted by the invention is as follows: an enterprise log analysis access system comprising network anomaly monitoring, application process management, thread management, centralized log management, log classification management and log storage management. The network is checked to determine whether it is secure; if it is, the external network request is accepted and distributed to application process management, which manages it in a unified manner. Application process management distributes the request to thread management, which decides whether it runs and with what priority. When thread management runs a thread, the thread's data is received and forwarded to centralized log management, which sends it to the server for temporary storage. The thread data is also sent to log classification management, where it is classified in the MAP (KEY, VALUE) manner, and the classified data is then sent to log storage management for recording.
Further, in the network anomaly monitoring, the host obtains the input source type of the external network in real time and compares the obtained input source type with the external network input source types preset on the host. If the input source type of the external network is within the range of input source types preset on the host, the external network is judged to be a normal secure network; the host then allows access from this external network and accepts the access request. If the input source type is not within the preset range, the external network is judged not to be a normal secure network; the host then refuses access from this external network and disconnects the access request.
Further, when the input source type of the external network is judged to be that of a normal secure network, the access request of the external network is distributed to application process management and the resulting process is named process A. The host assigns the turn-on time and access order of process A and the other processes, and application process management manages all processes. When application process management detects that a process is abnormal, it automatically forces that process to terminate.
Further, when process A enters application process management, application process management automatically assigns a thread to process A and names it thread A, and thread A enters thread management. After thread A enters thread management, thread management monitors it in a unified manner and uniformly assigns the access order, turn-on time and process end time of each thread. If thread A or any other thread becomes abnormal, thread management automatically forces the abnormal thread to terminate and waits for the remaining threads to access. If the host's running memory becomes abnormal, thread management automatically ends the threads that are currently running and releases the running memory.
Further, when thread management permits thread A to run, thread A brings the access data of the external network's access to the host into the host, and the data enters centralized log management, which forwards it to the server for temporary storage and forwards it to log classification management.
Further, log classification management receives the thread data from centralized log management and stores it in the form of MAP (KEY, VALUE); every item of thread data is stored in this form. KEY stores the type of the thread data and VALUE stores its content, and log classification management groups together the MAP values that share the same type of KEY.
Further, after log classification management has finished assigning all the thread data, it classifies all thread data according to MAP (KEY, VALUE) and sends it to log storage management grouped by the MAP values of identical KEYs. Log storage management finally records the KEY values and then sends the data to the server for storage.
In conclusion by adopting the above-described technical solution, the beneficial effects of the present invention are:
1. The enterprise log analysis access system of the invention uses network anomaly monitoring to judge whether the accessing external network is a normal secure network, which prevents junk programs from entering the host and occupying server memory.
2. The enterprise log analysis access system of the invention uses application process management, so whether each process is running normally can be monitored in real time.
3. The enterprise log analysis access system of the invention distributes each external network access to thread management, so whether each thread is running safely and effectively can be monitored in real time. Thread management can also force termination and allocate resources reasonably, which avoids unnecessary threads occupying space.
4. In the enterprise log analysis access system of the invention, log classification management stores each item of data in the MAP (KEY, VALUE) manner, which makes recording and classification by log storage management easier.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the invention more clearly, the drawings needed for the embodiments are briefly described below. It should be understood that the following drawings show only certain embodiments of the invention and should therefore not be regarded as limiting its scope; those of ordinary skill in the art can obtain other related drawings from these drawings without creative effort:
Fig. 1 is system flow chart of the invention.
Specific embodiment
To make the objectives, technical solutions and advantages of the invention clearer, the invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here only explain the invention and do not limit it; the described embodiments are only some of the embodiments of the invention, not all of them. The components of the embodiments that are generally described and illustrated in the drawings can be arranged and designed in a variety of different configurations.
Therefore, the following detailed description of the embodiments provided in the drawings is not intended to limit the scope of the claimed invention but merely represents selected embodiments of the invention. All other embodiments obtained by those skilled in the art on the basis of the embodiments of the invention, without creative effort, fall within the protection scope of the invention.
It should be noted that relational terms such as "first" and "second" are used only to distinguish one entity or operation from another and do not necessarily require or imply any actual relationship or order between those entities or operations. Moreover, the terms "include", "comprise" and any other variants are intended to be non-exclusive, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements that are not explicitly listed, or elements that are inherent to that process, method, article or device. Without further restriction, an element introduced by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes that element.
The features and performance of the invention are described in further detail below with reference to the embodiments.
Embodiment one
The enterprise log analysis access system provided by the preferred embodiment of the invention comprises network anomaly monitoring, application process management, thread management, centralized log management, log classification management and log storage management. The network is checked to determine whether it is secure; if it is, the external network request is accepted and distributed to application process management, which manages it in a unified manner. Application process management distributes the request to thread management, which decides whether it runs and with what priority. When thread management runs a thread, the thread's data is received and forwarded to centralized log management, which sends it to the server for temporary storage. The thread data is also sent to log classification management, where it is classified in the MAP (KEY, VALUE) manner, and the classified data is then sent to log storage management for recording.
Embodiment two
This embodiment builds on Embodiment one. Preferably, in the network anomaly monitoring, the host obtains the input source type of the external network in real time and compares the obtained input source type with the external network input source types preset on the host. If the input source type of the external network is within the range of input source types preset on the host, the external network is judged to be a normal secure network; the host then allows access from this external network and accepts the access request. If the input source type is not within the preset range, the external network is judged not to be a normal secure network; the host then refuses access from this external network and disconnects the access request.
Preferably, when the input source type of the external network is judged to be that of a normal secure network, the access request of the external network is distributed to application process management and the resulting process is named process A. The host assigns the turn-on time and access order of process A and the other processes, and application process management manages all processes. When application process management detects that a process is abnormal, it automatically forces that process to terminate.
Preferably, when process A enters application process management, application process management automatically assigns a thread to process A and names it thread A, and thread A enters thread management. After thread A enters thread management, thread management monitors it in a unified manner and uniformly assigns the access order, turn-on time and process end time of each thread. If thread A or any other thread becomes abnormal, thread management automatically forces the abnormal thread to terminate and waits for the remaining threads to access. If the host's running memory becomes abnormal, thread management automatically ends the threads that are currently running and releases the running memory.
Preferably, when thread management permits thread A to run, thread A brings the access data of the external network's access to the host into the host, and the data enters centralized log management, which forwards it to the server for temporary storage and forwards it to log classification management.
Preferably, log classification management receives the thread data from centralized log management and stores it in the form of MAP (KEY, VALUE); every item of thread data is stored in this form. KEY stores the type of the thread data and VALUE stores its content, and log classification management groups together the MAP values that share the same type of KEY.
Preferably, after log classification management has finished assigning all the thread data, it classifies all thread data according to MAP (KEY, VALUE) and sends it to log storage management grouped by the MAP values of identical KEYs. Log storage management finally records the KEY values and then sends the data to the server for storage.
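The admission check and the MAP (KEY, VALUE) classification described in this embodiment, sketched in Python as an added example (not code from the patent). The preset source types, the `ThreadData` fields, the case-insensitive comparison and the sample records are assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

# Assumption: the host's preset list of accepted external input source types.
PRESET_SOURCE_TYPES = frozenset({"https", "vpn", "sftp"})


@dataclass(frozen=True)
class ThreadData:
    source_type: str  # input source type of the external request
    kind: str         # KEY: type of the thread data
    content: str      # VALUE: content of the thread data


def admit(source_type, preset=PRESET_SOURCE_TYPES):
    """Network anomaly monitoring: default-deny check against the preset list.

    Normalising case and whitespace is an assumption, so that "HTTPS" and
    "https" are treated as the same source type.
    """
    return source_type.strip().lower() in preset


def classify(records):
    """Log classification management: store each record as MAP(KEY, VALUE)
    and keep the values that share a KEY together."""
    groups = defaultdict(list)
    for rec in records:
        groups[rec.kind].append(rec.content)
    return dict(groups)


def run_pipeline(incoming):
    """Admit or refuse each request, classify the admitted data, and return
    the groups, the KEY values that storage would record, and the refusals."""
    admitted, refused = [], []
    for rec in incoming:
        (admitted if admit(rec.source_type) else refused).append(rec)
    groups = classify(admitted)
    recorded_keys = sorted(groups)  # log storage management records KEY values
    return groups, recorded_keys, refused


# Constructed sample input, not taken from the patent.
SAMPLE = [
    ThreadData("https", "login", "user=alice result=ok"),
    ThreadData("telnet", "login", "user=root result=fail"),
    ThreadData("vpn", "file_access", "path=/srv/report.pdf"),
    ThreadData("HTTPS", "login", "user=bob result=fail"),
    ThreadData("sftp", "file_access", "path=/srv/data.csv"),
]

if __name__ == "__main__":
    groups, keys, refused = run_pipeline(SAMPLE)
    for key in keys:
        print(key, groups[key])
    print("refused:", [r.source_type for r in refused])
```

Returning the refused records lets the caller keep a record of rejected requests as well, a step the description does not cover.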
The foregoing describes only preferred embodiments of the invention and is not intended to limit its protection scope. Any modification, equivalent replacement or improvement made by those skilled in the art within the spirit and principles of the invention shall be included in the protection scope of the invention.

Claims (7)

1. An enterprise log analysis access system, characterized in that it comprises network anomaly monitoring, application process management, thread management, centralized log management, log classification management and log storage management.
2. The enterprise log analysis access system according to claim 1, characterized in that: in the network anomaly monitoring, the host obtains the input source type of the external network in real time and compares the obtained input source type with the external network input source types preset on the host; if the input source type of the external network is within the range of input source types preset on the host, the external network is judged to be a normal secure network, and the host allows access from this external network and accepts the access request; if the input source type of the external network is not within the range of input source types preset on the host, the external network is judged not to be a normal secure network, and the host refuses access from this external network and disconnects the access request.
3. The enterprise log analysis access system according to claim 2, characterized in that: when the input source type of the external network is judged to be that of a normal secure network, the access request of the external network is distributed to application process management and the resulting process is named process A; the host assigns the turn-on time and access order of process A and the other processes, and application process management manages all processes; when application process management detects that a process is abnormal, application process management automatically forces that process to terminate.
4. The enterprise log analysis access system according to claim 3, characterized in that: when process A enters application process management, application process management automatically assigns a thread to process A and names it thread A, and thread A enters thread management; after thread A enters thread management, thread management monitors it in a unified manner and uniformly assigns the access order, turn-on time and process end time of each thread; if thread A or any other thread becomes abnormal, thread management automatically forces the abnormal thread to terminate and waits for the remaining threads to access; if the host's running memory becomes abnormal, thread management automatically ends the threads that are currently running and releases the running memory.
5. The enterprise log analysis access system according to claim 4, characterized in that: when thread management permits thread A to run, thread A brings the access data of the external network's access to the host into the host, and the data enters centralized log management, which forwards it to the server for temporary storage and forwards it to log classification management.
6. The enterprise log analysis access system according to claim 5, characterized in that: the log classification management receives the thread data from centralized log management and stores it in the form of MAP (KEY, VALUE), every item of thread data being stored in this form; KEY stores the type of the thread data and VALUE stores its content, and log classification management groups together the MAP values that share the same type of KEY.
7. The enterprise log analysis access system according to claim 6, characterized in that: after log classification management has finished assigning all the thread data, log classification management classifies all thread data according to MAP (KEY, VALUE) and sends it to log storage management grouped by the MAP values of identical KEYs; log storage management finally records the KEY values and then sends the data to the server for storage.
CN201811529773.3A 2018-12-14 2018-12-14 Enterprise's log analysis access system Pending CN109614294A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811529773.3A CN109614294A (en) 2018-12-14 2018-12-14 Enterprise's log analysis access system

Publications (1)

Publication Number Publication Date
CN109614294A true CN109614294A (en) 2019-04-12

Family

ID=66009307

Country Status (1)

Country Link
CN (1) CN109614294A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190412