CN109614294A - Enterprise's log analysis access system - Google Patents
- Publication number
- CN109614294A
- Authority
- CN
- China
- Prior art keywords
- management
- thread
- log
- outer net
- host
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/3003—Monitoring arrangements specially adapted to the computing system or computing system component being monitored
- G06F11/302—Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system component is a software system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/3065—Monitoring arrangements determined by the means or processing involved in reporting the monitored data
- G06F11/3072—Monitoring arrangements determined by the means or processing involved in reporting the monitored data where the reporting involves data filtering, e.g. pattern matching, time or event triggered, adaptive or policy-based reporting
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- Quality & Reliability (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Mathematical Physics (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses an enterprise log analysis access system, belonging to the field of access systems. The system comprises network anomaly monitoring, application process management, thread management, centralized log management, log classification management and log storage management. The network is checked to determine whether it is safe; if it is, the external-network request is accepted and dispatched to application process management, which manages all requests in a unified way. Application process management dispatches to thread management, which decides whether a thread runs and with what priority. When thread management runs a thread, the thread's data is received and passed to centralized log management, which sends it to the server for temporary storage. The thread data is also sent to log classification management, which classifies it in MAP (KEY, VALUE) form, and the classified data is then sent to log storage management to be recorded. The invention provides a system for unified, classified management of logs and reduces unnecessary memory usage on the server.
Description
Technical field
The invention belongs to the field of access systems and relates to an enterprise log analysis access system.
Background
With the rapid development of information technology and the steadily rising level of IT adoption in enterprises, multi-service converged broadband networks have become an important guarantee of normal enterprise operation. To ensure a stable, secure and efficient network operating environment, administrators have to deal with many problems.
The current problem is excessive reliance on the administrator: information has to be extracted manually and checked item by item, and there is no centralized, unified and efficient platform for managing and displaying log information.
Summary of the invention
The object of the invention is to provide an enterprise log analysis access system that can screen all logs and manage them in a unified way, reducing unnecessary memory usage on the server and making classified management easier.
The technical solution adopted by the invention is as follows. The enterprise log analysis access system comprises network anomaly monitoring, application process management, thread management, centralized log management, log classification management and log storage management. The network is checked to determine whether it is safe; if it is, the external-network request is accepted and dispatched to application process management, which manages all requests in a unified way. Application process management dispatches to thread management, which decides whether a thread runs and with what priority. When thread management runs a thread, the thread's data is received and passed to centralized log management, which sends it to the server for temporary storage. The thread data is also sent to log classification management, which classifies it in MAP (KEY, VALUE) form, and the classified data is then sent to log storage management to be recorded.
Further, in network anomaly monitoring, the host obtains the input source type of the external network in real time and compares it with the external-network input source types preset on the host. If the input source type of the external network is within the preset range, the external network is judged to be a normal, secure network, and the host allows its access and accepts the access request. If the input source type is not within the preset range, the external network is judged to be an abnormal, insecure network, and the host refuses its access and disconnects the access request.
Further, when the input source type indicates that the external network is a normal, secure network, the access request of the external network is dispatched to application process management and the resulting process is named process A. The host assigns the access time and access order of process A and the other processes, and application process management manages all processes. When application process management detects that a process is abnormal, it automatically force-terminates that process.
Further, when process A enters application process management, application process management automatically allocates a thread to process A and names it thread A, and thread A enters thread management. Once thread A has entered thread management, thread management monitors it in a unified way and centrally allocates the access order, access time and process end time of each thread. If thread A or another thread becomes abnormal, thread management automatically force-terminates the abnormal thread and waits for the remaining threads to access. If the host's running memory becomes abnormal, thread management automatically ends the threads that are currently running and releases the running memory.
Further, when thread management permits thread A to run, thread A brings the access data of the external network's access to the host into the host with it. The data enters centralized log management, which forwards it to the server for temporary storage and also forwards it to log classification management.
Further, log classification management receives the thread data from centralized log management and stores every piece of thread data in MAP (KEY, VALUE) form, where KEY holds the type of the thread data and VALUE holds its content. Log classification management groups together the MAP values that have the same type of KEY.
Further, after log classification management has finished allocating all thread data, it classifies all thread data according to MAP (KEY, VALUE) and sends the data to log storage management grouped by the MAP values of identical KEYs. Log storage management makes the final record of the KEY values and then sends the data to the server for storage.
In summary, by adopting the above technical solution, the beneficial effects of the invention are:
1. Through network anomaly monitoring, the enterprise log analysis access system of the invention judges whether the accessing external network is a normal, secure network, which prevents junk programs from entering the host and occupying server memory.
2. By using application process management, the system can monitor in real time whether each process is running normally.
3. The system dispatches each accessing external network to thread management, which can monitor in real time whether each thread is running safely and effectively and is able both to force termination and to allocate resources reasonably, so that unnecessary threads do not take up space.
4. Log classification management stores each piece of data in MAP (KEY, VALUE) form, which makes it easy for log storage management to record and classify the data.
Description of the drawings
To explain the technical solutions of the embodiments of the invention more clearly, the drawings needed for the embodiments are briefly introduced below. It should be understood that the following drawings show only certain embodiments of the invention and should therefore not be regarded as limiting its scope; those of ordinary skill in the art can derive other related drawings from them without creative effort. In the drawings:
Fig. 1 is the system flow chart of the invention.
Specific embodiments
To make the objectives, technical solutions and advantages of the invention clearer, the invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here serve only to explain the invention and not to limit it; the described embodiments are only some of the embodiments of the invention, not all of them. The components of the embodiments generally described and illustrated in the drawings can be arranged and designed in a variety of different configurations.
Therefore, the following detailed description of the embodiments provided in the drawings is not intended to limit the scope of the claimed invention, but merely represents selected embodiments of it. All other embodiments obtained by those skilled in the art from the embodiments of the invention without creative effort fall within the protection scope of the invention.
It should be noted that relational terms such as "first" and "second" are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between those entities or operations. Moreover, the terms "include", "comprise" and any variants of them are intended to be non-exclusive, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to that process, method, article or device. Without further restriction, an element introduced by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes it.
The features and performance of the invention are described in further detail below with reference to the embodiments.
Embodiment One
The enterprise log analysis access system provided by the preferred embodiment of the invention comprises network anomaly monitoring, application process management, thread management, centralized log management, log classification management and log storage management. The network is checked to determine whether it is safe; if it is, the external-network request is accepted and dispatched to application process management, which manages all requests in a unified way. Application process management dispatches to thread management, which decides whether a thread runs and with what priority. When thread management runs a thread, the thread's data is received and passed to centralized log management, which sends it to the server for temporary storage. The thread data is also sent to log classification management, which classifies it in MAP (KEY, VALUE) form, and the classified data is then sent to log storage management to be recorded.
Embodiment Two
This embodiment builds on Embodiment One. Preferably, in network anomaly monitoring, the host obtains the input source type of the external network in real time and compares it with the external-network input source types preset on the host. If the input source type of the external network is within the preset range, the external network is judged to be a normal, secure network, and the host allows its access and accepts the access request. If the input source type is not within the preset range, the external network is judged to be an abnormal, insecure network, and the host refuses its access and disconnects the access request.
Preferably, when the input source type indicates that the external network is a normal, secure network, the access request of the external network is dispatched to application process management and the resulting process is named process A. The host assigns the access time and access order of process A and the other processes, and application process management manages all processes. When application process management detects that a process is abnormal, it automatically force-terminates that process.
Preferably, when process A enters application process management, application process management automatically allocates a thread to process A and names it thread A, and thread A enters thread management. Once thread A has entered thread management, thread management monitors it in a unified way and centrally allocates the access order, access time and process end time of each thread. If thread A or another thread becomes abnormal, thread management automatically force-terminates the abnormal thread and waits for the remaining threads to access. If the host's running memory becomes abnormal, thread management automatically ends the threads that are currently running and releases the running memory.
Preferably, when thread management permits thread A to run, thread A brings the access data of the external network's access to the host into the host with it. The data enters centralized log management, which forwards it to the server for temporary storage and also forwards it to log classification management.
Preferably, log classification management receives the thread data from centralized log management and stores every piece of thread data in MAP (KEY, VALUE) form, where KEY holds the type of the thread data and VALUE holds its content. Log classification management groups together the MAP values that have the same type of KEY.
Preferably, after log classification management has finished allocating all thread data, it classifies all thread data according to MAP (KEY, VALUE) and sends the data to log storage management grouped by the MAP values of identical KEYs. Log storage management makes the final record of the KEY values and then sends the data to the server for storage.
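The flow of Embodiment Two, sketched as an added example that is not code from the patent: an allow-list check on the input source type, temporary staging, grouping of VALUEs under their KEY, and a final record of the KEYs. The source-type values, the `Request` fields, the sample data and every function name are assumptions, since the patent defines none of them.

```python
from collections import defaultdict
from dataclasses import dataclass

# Assumed preset list: the patent does not say what an "input source type" is.
PRESET_SOURCE_TYPES = frozenset({"vpn", "partner-api", "branch-office"})


@dataclass(frozen=True)
class Request:
    source_type: str  # input source type reported for the external network
    log_type: str     # becomes the KEY of MAP (KEY, VALUE)
    content: str      # becomes the VALUE


def admit(req, preset=PRESET_SOURCE_TYPES):
    """Network anomaly monitoring: default-deny unless the type is preset."""
    # Normalise first so "VPN " and "vpn" are compared as the same value;
    # an empty or unknown type falls through to refusal.
    return req.source_type.strip().lower() in preset


def classify(entries):
    """Log classification management: group VALUEs that share a KEY."""
    grouped = defaultdict(list)
    for key, value in entries:
        grouped[key].append(value)
    return dict(grouped)


def store(grouped):
    """Log storage management: record the KEYs, then keep the grouped data."""
    return {"keys": sorted(grouped), "records": grouped}


def run_pipeline(requests, preset=PRESET_SOURCE_TYPES):
    """Return (stored, refused) for a batch of external-network requests."""
    staged = []   # centralized log management: temporary store
    refused = []  # returned to the caller so refusals can be audited
    for req in requests:
        if admit(req, preset):
            staged.append((req.log_type, req.content))
        else:
            refused.append(req)
    return store(classify(staged)), refused


# Constructed sample input, not taken from any real system.
SAMPLE = [
    Request("vpn", "auth", "login ok user=alice"),
    Request("VPN ", "auth", "login failed user=bob"),
    Request("unknown-proxy", "auth", "login ok user=mallory"),
    Request("partner-api", "billing", "invoice 1001 created"),
    Request("", "billing", "invoice 1002 created"),
]

if __name__ == "__main__":
    stored, refused = run_pipeline(SAMPLE)
    for key in stored["keys"]:
        print(key, stored["records"][key])
    print("refused:", [r.source_type for r in refused])
```
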
The foregoing describes only preferred embodiments of the invention and is not intended to limit its protection scope. Any modification, equivalent replacement or improvement made by those skilled in the art within the spirit and principles of the invention shall be included in the protection scope of the invention.
Claims (7)
1. An enterprise log analysis access system, characterized in that it comprises network anomaly monitoring, application process management, thread management, centralized log management, log classification management and log storage management.
2. The enterprise log analysis access system according to claim 1, characterized in that: in the network anomaly monitoring, the host obtains the input source type of the external network in real time and compares it with the external-network input source types preset on the host; if the input source type of the external network is within the preset range, the external network is judged to be a normal, secure network, and the host allows its access and accepts the access request; if the input source type of the external network is not within the preset range, the external network is judged to be an abnormal, insecure network, and the host refuses its access and disconnects the access request.
3. The enterprise log analysis access system according to claim 2, characterized in that: when the input source type indicates that the external network is a normal, secure network, the access request of the external network is dispatched to application process management and the resulting process is named process A; the host assigns the access time and access order of process A and the other processes, and application process management manages all processes; when application process management detects that a process is abnormal, it automatically force-terminates that process.
4. The enterprise log analysis access system according to claim 3, characterized in that: when process A enters application process management, application process management automatically allocates a thread to process A and names it thread A, and thread A enters thread management; once thread A has entered thread management, thread management monitors it in a unified way and centrally allocates the access order, access time and process end time of each thread; if thread A or another thread becomes abnormal, thread management automatically force-terminates the abnormal thread and waits for the remaining threads to access; if the host's running memory becomes abnormal, thread management automatically ends the threads that are currently running and releases the running memory.
5. The enterprise log analysis access system according to claim 4, characterized in that: when thread management permits thread A to run, thread A brings the access data of the external network's access to the host into the host with it, and the data enters centralized log management, which forwards it to the server for temporary storage and forwards it to log classification management.
6. The enterprise log analysis access system according to claim 5, characterized in that: the log classification management receives the thread data from centralized log management and stores every piece of thread data in MAP (KEY, VALUE) form, where KEY holds the type of the thread data and VALUE holds its content, and log classification management groups together the MAP values that have the same type of KEY.
7. The enterprise log analysis access system according to claim 6, characterized in that: after log classification management has finished allocating all thread data, it classifies all thread data according to MAP (KEY, VALUE) and sends the data to log storage management grouped by the MAP values of identical KEYs; log storage management makes the final record of the KEY values and then sends the data to the server for storage.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811529773.3A CN109614294A (en) | 2018-12-14 | 2018-12-14 | Enterprise's log analysis access system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811529773.3A CN109614294A (en) | 2018-12-14 | 2018-12-14 | Enterprise's log analysis access system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109614294A true CN109614294A (en) | 2019-04-12 |
Family
ID=66009307
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811529773.3A Pending CN109614294A (en) | 2018-12-14 | 2018-12-14 | Enterprise's log analysis access system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109614294A (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN201491034U (en) * | 2009-09-01 | 2010-05-26 | 卡斯柯信号有限公司 | Log processing device based on access control |
CN102710452A (en) * | 2012-06-26 | 2012-10-03 | 深圳市华力特电气股份有限公司 | Method and device for managing visit of multiple clients |
CN103440457A (en) * | 2013-08-20 | 2013-12-11 | 上海交通大学 | Binary program analytic system based on process simulation |
CN106095864A (en) * | 2016-06-03 | 2016-11-09 | 中国工商银行股份有限公司 | A kind of log processing system and method |
CN107544756A (en) * | 2017-08-03 | 2018-01-05 | 上海交通大学 | Method is locally stored in Key Value log types based on SCM |
CN108182263A (en) * | 2018-01-05 | 2018-06-19 | 郑州云海信息技术有限公司 | A kind of date storage method of data center's total management system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20190412 |