CN109672583A - Method for monitoring network, equipment, storage medium and device - Google Patents
Method for monitoring network, equipment, storage medium and device Download PDFInfo
- Publication number
- CN109672583A CN109672583A CN201811128721.5A CN201811128721A CN109672583A CN 109672583 A CN109672583 A CN 109672583A CN 201811128721 A CN201811128721 A CN 201811128721A CN 109672583 A CN109672583 A CN 109672583A
- Authority
- CN
- China
- Prior art keywords
- checked
- network
- information
- call relation
- business
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/10—Active monitoring, e.g. heartbeat, ping or trace-route
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Health & Medical Sciences (AREA)
- Cardiology (AREA)
- General Health & Medical Sciences (AREA)
- Environmental & Geological Engineering (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a kind of method for monitoring network, equipment, storage medium and devices, this method comprises: receiving service inquiry instruction, extract operation flow to be checked from service inquiry instruction;Network data flow is acquired by network shunt device, business information to be checked corresponding with the operation flow to be checked is extracted from the network data flow;Judge whether the business information to be checked deviates preset reference range;If the business information to be checked deviates the preset reference range, alarm prompt is carried out.In the present invention, network data flow is acquired, it can be achieved that real-time monitoring operation flow state, by carrying out alarm prompt when the business information to be checked deviates the preset reference range by network shunt device, to handle abnormal point in time, guarantee the efficient operation of system.
Description
Technical field
The present invention relates to technical field of network security more particularly to a kind of method for monitoring network, equipment, storage medium and dresses
It sets.
Background technique
It in the prior art, is all artificial progress business combing, low efficiency, and operation flow reality for operation flow in the industry
Shi Douhui changes with business, can not quickly track, and leads to that abnormal point cannot be handled in time, running effect is poor.Therefore, such as
What realizes the real-time tracing to operation flow, and timely processing system abnormal point is a technical problem to be solved urgently.
Above content is only used to facilitate the understanding of the technical scheme, and is not represented and is recognized that above content is existing skill
Art.
Summary of the invention
The main purpose of the present invention is to provide a kind of method for monitoring network, equipment, storage medium and devices, it is intended to solve
In the prior art can not in time processing system abnormal point the technical issues of.
To achieve the above object, the present invention provides a kind of method for monitoring network, and the method for monitoring network includes following step
It is rapid:
Service inquiry instruction is received, extracts operation flow to be checked from service inquiry instruction;
Network data flow is acquired by network shunt device, is extracted from the network data flow and the business to be checked
The corresponding business information to be checked of process;
Judge whether the business information to be checked deviates preset reference range;
If the business information to be checked deviates the preset reference range, alarm prompt is carried out.
Preferably, if the business information to be checked deviates the preset reference range, carry out alarm prompt it
Afterwards, the method for monitoring network further include:
First is extracted from the business information to be checked and applies mutual message information, to the first application interaction report
Literary information is parsed, and is obtained the operation flow to be checked and is carried out when interface calling between corresponding first application server
First call relation;
Abnormal application server is positioned according to first call relation.
Preferably, described to extract first from the business information to be checked and apply mutual message information, to described the
One is parsed using mutual message information, is obtained the operation flow to be checked and is carried out corresponding first application when interface calling
The first call relation between server, comprising:
First is extracted from the business information to be checked and applies mutual message information, from the first application interaction report
The internet protocol address of the first source network protocol address and the first mesh is extracted in literary information;
The industry to be checked is determined according to the internet protocol address of the first source network protocol address and first mesh
Process of being engaged in carries out the first call relation when interface calling between corresponding first application server.
It is preferably, described that abnormal application server is positioned according to first call relation, comprising:
The application MAC Address that the first application mutual message information is extracted from the business information to be checked is got the bid
The timestamp of note;
Abnormal application server is positioned according to the timestamp and first call relation.
Preferably, described to extract first from the business information to be checked and apply mutual message information, to described the
One is parsed using mutual message information, is obtained the operation flow to be checked and is carried out corresponding first application when interface calling
After the first call relation between server, the method for monitoring network further include:
It is constructed in the operation flow to be checked according to the business information to be checked and first call relation and is respectively walked
Step call relation between rapid;
It is each in the operation flow to be checked from being searched in the business information to be checked according to the step call relation
Step business datum corresponding to step;
First call relation, the step call relation and the step business datum are shown.
Preferably, if the business information to be checked deviates the preset reference range, carry out alarm prompt it
Afterwards, the method for monitoring network further include:
Trace instruction is received, target user's mark is extracted from the trace instruction;
The target service information including target user's mark, the target service information are searched from the network data flow
For the target user identify corresponding target user's performance objective operation flow when it is produced;
Second is extracted from the target service information and applies mutual message information, applies mutual message to described second
Information is parsed, and second when the target service process progress interface calling between corresponding second application server is obtained
Call relation;
Second call relation is shown, so that second call relation visualizes.
Preferably, described that second is extracted from the target service information using mutual message information, to described second
It is parsed using mutual message information, obtains the target service process and carry out corresponding second application service when interface calling
The second call relation between device, comprising:
Second is extracted from the target service information and applies mutual message information, applies mutual message from described second
The internet protocol address of the second source network protocol address and the second mesh is extracted in information;
The target service is determined according to the internet protocol address of the second source network protocol address and second mesh
Process carries out the second call relation when interface calling between corresponding second application server.
In addition, to achieve the above object, the present invention also proposes that a kind of network monitoring device, the network monitoring device include
Memory, processor and it is stored in the network monitoring program that can be run on the memory and on the processor, the net
Network monitoring programme is arranged for carrying out the step of method for monitoring network as described above.
In addition, to achieve the above object, the present invention also proposes a kind of storage medium, network is stored on the storage medium
The step of monitoring programme, the network monitoring program realizes method for monitoring network as described above when being executed by processor.
In addition, to achieve the above object, the present invention also proposes a kind of network monitoring apparatus, the network monitoring apparatus packet
It includes: extraction module, acquisition module, judgment module and alarm module;
The extraction module extracts industry to be checked from service inquiry instruction for receiving service inquiry instruction
Business process;
The acquisition module is extracted from the network data flow for acquiring network data flow by network shunt device
Business information to be checked corresponding with the operation flow to be checked out;
The judgment module, for judging whether the business information to be checked deviates preset reference range;
The alarm module is alerted if deviateing the preset reference range for the business information to be checked
Prompt.
In the present invention, service inquiry instruction is received, operation flow to be checked is extracted from service inquiry instruction, leads to
Network shunt device acquisition network data flow is crossed, is extracted from the network data flow corresponding with the operation flow to be checked
Business information to be checked realizes real time monitoring operation flow state;Judge whether the business information to be checked deviates default base
Quasi- range carries out alarm prompt if the business information to be checked deviates the preset reference range, different to handle in time
Chang Dian guarantees the efficient operation of system.
Detailed description of the invention
Fig. 1 is the structural schematic diagram of the network monitoring device for the hardware running environment that the embodiment of the present invention is related to;
Fig. 2 is the flow diagram of inventive network monitoring method first embodiment;
Fig. 3 is the flow diagram of inventive network monitoring method second embodiment;
Fig. 4 is the flow diagram of inventive network monitoring method 3rd embodiment;
Fig. 5 is the structural block diagram of inventive network monitoring device first embodiment.
The embodiments will be further described with reference to the accompanying drawings for the realization, the function and the advantages of the object of the present invention.
Specific embodiment
It should be appreciated that the specific embodiments described herein are merely illustrative of the present invention, it is not intended to limit the present invention.
Referring to Fig.1, Fig. 1 is the network monitoring device structural representation for the hardware running environment that the embodiment of the present invention is related to
Figure.
As shown in Figure 1, the network monitoring device may include: processor 1001, such as central processing unit (Central
Processing Unit, CPU), communication bus 1002, user interface 1003, network interface 1004, memory 1005.Wherein,
Communication bus 1002 is for realizing the connection communication between these components.User interface 1003 may include display screen
(Display), optional user interface 1003 can also include standard wireline interface and wireless interface, for user interface 1003
Wireline interface in the present invention can be USB interface.Network interface 1004 optionally may include the wireline interface, wireless of standard
Interface (such as Wireless Fidelity (WIreless-FIdelity, WI-FI) interface).Memory 1005 can be the arbitrary access of high speed
Memory (Random Access Memory, RAM) memory, is also possible to stable memory (Non-volatile
Memory, NVM), such as magnetic disk storage.Memory 1005 optionally can also be the storage independently of aforementioned processor 1001
Device.
It will be understood by those skilled in the art that structure shown in Fig. 1 does not constitute the restriction to network monitoring device, it can
To include perhaps combining certain components or different component layouts than illustrating more or fewer components.
As shown in Figure 1, regarding as in the memory 1005 of computer storage medium a kind of may include operating system, network
Communication module, Subscriber Interface Module SIM and network monitoring program.
In network monitoring device shown in Fig. 1, network interface 1004 is mainly used for connecting background server, after described
Platform server carries out data communication;User interface 1003 is mainly used for connecting user equipment;The network monitoring device passes through place
Reason device 1001 calls the network monitoring program stored in memory 1005, and executes network monitoring side provided in an embodiment of the present invention
Method.
Based on above-mentioned hardware configuration, the embodiment of inventive network monitoring method is proposed.
It is the flow diagram of inventive network monitoring method first embodiment referring to Fig. 2, Fig. 2, proposes inventive network
Monitoring method first embodiment.
In the first embodiment, the method for monitoring network the following steps are included:
Step S10: receiving service inquiry instruction, extracts operation flow to be checked from service inquiry instruction.
It will be appreciated that the executing subject of the present embodiment is the network monitoring device, wherein the network monitoring device
It can be the electronic equipments such as PC or server.By the way that network shunt device (TAP) is added in the network topology of data center
Equipment, the network shunt device equipment are the separators of a non-intrusion type, be mounted on data center application server and
Between network, TAP equipment acquires the network data flow that the application server sends or receives, same on independent designated lane
When transmit the network data flow that the application server sends or receives, it is ensured that all network data flows arrive in real time
Up to the network monitoring device.
It should be noted that the network data flow that the network monitoring device is acquired by the network shunt device,
The real time monitoring to operation flow state is realized, when needs analyze the operation flow state, if there are abnormal points
When, it can be user equipment transmission by triggering service inquiry instruction, the service inquiry instruction, it is fixed to be also possible to backstage
When trigger, the operation flow to be checked inquired will be needed to instruct by the service inquiry and be sent to the network monitoring
Equipment.
Step S20: by network shunt device acquire network data flow, extracted from the network data flow with it is described to
The corresponding business information to be checked of inquiry business process.
It should be understood that the business to be checked is when being executed, when carrying out routine call, can be transmitted when interface calls
The business information to be checked leaves the traces letters such as operation system, operation flow state and client's application in network transmission
Breath, the network shunt device can acquire all network data flows, then can extract institute from the network data flow
State the corresponding business information to be checked of operation flow to be checked.The operation flow to be checked generally includes unique stream to be checked
Perhaps process name to be checked can extract the letter including the process identification to be checked or process name to be checked to journey mark
Breath, as the business information to be checked.
It will be appreciated that including usually setting service product in the network data flow, currently executing operation system, business
The status informations such as type, flow nodes name, flow state, customer status and customer ID.The status information is being applied
It carries out burying a little in program.Point analysis is buried, is a kind of common collecting method of web analytics.Data are buried a little to can be and produced
Product, service conversion key point are implanted into statistics codes, ensure that data acquisition does not repeat (such as application button clicking rate) according to its independent ID;
It can also be implantation multistage code, track serial behavior of the user on each interface of platform, (such as beaten independently of each other between event
Open loan product details page-selection loan product-application loan product);It is also possible to affiliated company's engineering, data warehouse technology
(Extract-Transform-Load, abridge ETL) collection analysis user's full dose behavior, establishes user's portrait, also original subscriber's row
Basis for model, as product analysis, optimization.It is a little a kind of privatization deployment data acquisition modes that data, which are buried,.Data acquisition
Accurately, the demand realized product, service rapid Optimum iteration.
Step S30: judge whether the business information to be checked deviates preset reference range.
In the concrete realization, operation system stable operation for a period of time, the various industry of stable operation can be calculated
The corresponding preset reference range of process of being engaged in.Then can by by the business information to be checked and the preset reference range into
Row compares, thus it is whether stable when judging that system runs the operation flow to be checked by the business information to be checked, it can
All operation flows in operation system are monitored in real time.If the business information to be checked deviates the preset reference
Range illustrates that the operation flow to be checked has exception in the process of running, if the business information to be checked is not inclined
From the preset reference range, illustrate that the operation flow to be checked is normal in operational process.
Step S40: if the business information to be checked deviates the preset reference range, alarm prompt is carried out.
If should be understood that, the business information to be checked deviates the preset reference range, illustrates described to be checked
It askes operation flow and there is exception in the process of running, issue alarm prompt at this time, can abnormal point be positioned and be located in time
Reason solves exception, so that system restores normal operating condition as early as possible.
Such as: it can monitor in real time nearest 1 minute, user successfully applies for the quantity of A service product, the business to be checked
Process is that successfully application A service product can handle successfully application A service product for 1 minute when the operation system operates normally
Quantity be 100 ± 20%, i.e., described preset reference range is 80-120 part, if extracting from the network data flow
Success applies for that the quantity of A service product is 70, and the preset reference range of 70 deviation 80-120 parts then carries out alarm prompt.
It can also monitor that nearest 1 minute how many service product has carried out operation of making loans in real time, how much is success rate;Current each business system
Whether system interface has network delay, postpones several seconds.
In the first embodiment, service inquiry instruction is received, extracts business to be checked from service inquiry instruction
Process acquires network data flow by network shunt device, extracts from the network data flow and the Business Stream to be checked
The corresponding business information to be checked of journey realizes real time monitoring operation flow state;Judge whether the business information to be checked is inclined
From preset reference range, if the business information to be checked deviates the preset reference range, carry out alarm prompt, so as to and
When handle abnormal point, guarantee the efficient operation of system.
It is the flow diagram of inventive network monitoring method second embodiment referring to Fig. 3, Fig. 3, based on shown in above-mentioned Fig. 2
First embodiment, propose inventive network monitoring method second embodiment.
In a second embodiment, after the step S40, further includes:
Step S50: first is extracted from the business information to be checked and applies mutual message information, is answered described first
It is parsed with mutual message information, obtains the operation flow to be checked and carry out corresponding first application service when interface calling
The first call relation between device.
It will be appreciated that available all current data centers real-time network data in the network monitoring device
Stream.By parsing to the network data flow, i.e., the application mutual message information transmitted between parsing application server can
To obtain the various network interactions and call relation in the operation system between each application server.
In the concrete realization, the business information to be checked includes: service product, currently executes operation system, business kind
At least one of in the information such as class, flow nodes name, flow state, customer status or customer ID.It can be from the industry to be checked
The first application mutual message information is extracted in business information, described first applies in message information including the first source network agreement
The internet protocol address of location and the first mesh, can by the network protocol of the first source network protocol address and first mesh
Location determines the source and place to go of the business information to be checked, and then determines that the operation flow to be checked carries out interface calling
When corresponding first application server between the first call relation, to be realized to the state of the operation flow to be checked real
When monitor.In the present embodiment, the step S50, comprising: the first application interaction report is extracted from the business information to be checked
Literary information extracts the network protocol of the first source network protocol address and the first mesh from the first application mutual message information
Address;The Business Stream to be checked is determined according to the internet protocol address of the first source network protocol address and first mesh
First call relation of journey when being called into line interface between corresponding first application server.
In a second embodiment, after the step S50, further includes:
It is constructed in the operation flow to be checked according to the business information to be checked and first call relation and is respectively walked
Step call relation between rapid;
It is each in the operation flow to be checked from being searched in the business information to be checked according to the step call relation
Step business datum corresponding to step;
First call relation, the step call relation and the step business datum are shown.
It will be appreciated that the operation flow to be checked generally includes multiple steps, each step is in the process of implementation
It needs to carry out interface calling and generates step business datum corresponding to each step, entire operation flow to be checked executes to be produced when completing
Raw all step business datums constitute the business information to be checked, then can be by the business information to be checked according to
First call relation combs out the step call relation in the operation flow to be checked between each step.In order to more intuitively look into
See the step business datum that step call relation and each step in the operation flow to be checked between each step generate,
The extraction that the business information to be checked can be carried out to information according to the step call relation, so that it is corresponding to extract each step
Step business datum.First call relation, the step call relation and the step business datum are shown,
Any one steps flow chart information visuallization can be realized, convenient for quickly positioning abnormal application server.
Step S60: abnormal application server is positioned according to first call relation.
It should be noted that if the business information to be checked deviates the preset reference range, illustrate it is described to
There is exception in inquiry business process, then can be by first call relation to the operation flow to be checked in the process of running
First application server called in the process of implementation is checked, to position which two first abnormal process appear in
Between application server, two the first application servers that abnormal process is occurred then may be used as the abnormal application server
To between the operation flow to be checked in the process of implementation involved abnormal application server called program,
Called interface, network, network packet and described abnormal application server etc. are detected, so as to appearance exception and
Shi Jinhang processing, guarantee system restore normal operating condition as early as possible.
It should be understood that usually the TAP equipment is to the network data flow of acquisition using the MAC in message information
Address is exported after marking the timestamp of nanosecond.The function of timestamp is mainly used in the TAP equipment for user
Service link carries out the environment of multipoint acquisition, once find that the web experience of certain moment users is slack-off, it can be to each section
The collected network data flow of point stamps timestamp, and assisting the judgement of back-end analysis equipment is specifically to turn between which node
Hair delay is larger, to achieve the purpose that quick fault location.In the present embodiment, the step S60, comprising: from it is described to
Described first is extracted in inquiry business information using mutual message information using the timestamp marked in MAC Address;According to
The timestamp and first call relation position abnormal application server.
In a second embodiment, first is extracted from the business information to be checked and applies mutual message information, to institute
It states first to be parsed using mutual message information, obtains the operation flow to be checked and carry out corresponding first when interface calling
The first call relation between application server realizes real time monitoring to the state of the operation flow to be checked, according to described
First call relation positions abnormal application server, reduces abnormal investigation range, to be handled in time the exception of appearance,
Guarantee that operation system restores normal operating condition as early as possible.
It is the flow diagram of inventive network monitoring method 3rd embodiment referring to Fig. 4, Fig. 4, is based on first embodiment
With second embodiment propose inventive network monitoring method 3rd embodiment, in the present embodiment, based on first embodiment into
Row explanation.
In the third embodiment, after the step S40, further includes:
Step S70: receiving trace instruction, and target user's mark is extracted from the trace instruction.
It will be appreciated that can trigger trace instruction in order to which master goal user operates in the whole process of the operation system,
The trace instruction can be user's triggering, be also possible to background server clocked flip, when needs use the target
It, can be corresponding by the target user for needing to track by triggering the trace instruction when whole process operation at family is monitored
The target user identify the network monitoring device be sent to by the trace instruction.
Step S80: the target service information including target user's mark, the target are searched from the network data flow
Business information is produced when being the target user corresponding target user's performance objective operation flow of mark.
It should be understood that the target user is when executing operation flow, when carrying out program in operation flow implementation procedure
When calling, the generated corresponding target service information when target service process executed can be transmitted when interface calls,
The mark informations such as operation system, operation flow state and user's application, the network shunt device energy are left in network transmission
All network data flows are enough acquired, then it is corresponding can to extract the target service process from the network data flow
The target service information.The target service process generally includes unique target process identification or target process name,
The extractable information including the target process identification or target process name out, as the target service information.
Step S90: extracting second from the target service information and apply mutual message information, to second application
Mutual message information is parsed, obtain the target service process carry out when interface calling corresponding second application server it
Between the second call relation.
It should be noted that available all current data centers real-time network data in the network monitoring device
Stream.By parsing to the network data flow, i.e., the application mutual message information transmitted between parsing application server can
To obtain the various network interactions and call relation in the operation system between each application server.
In the concrete realization, second can be extracted from the target service information applies mutual message information, described the
Include the internet protocol address of the second source network protocol address and the second mesh in two application message informations, second source can be passed through
Internet protocol address and the internet protocol address of second mesh determine the source and place to go of the target service information, and then really
The second call relation when the target service process progress interface calling between corresponding second application server is made, thus
Real time monitoring is realized to the state of the target service process.In the present embodiment, the step S90, comprising: from the target industry
Second is extracted in business information and applies mutual message information, extracts the second source net from the second application mutual message information
The internet protocol address of network protocol address and the second mesh;According to the network of the second source network protocol address and second mesh
Protocol address determines the second calling when the target service process carries out interface calling between corresponding second application server
Relationship.
Step S100: second call relation is shown, so that second call relation visualizes.
It will be appreciated that in order to more intuitively check second call relation, convenient for monitoring the industry of the target user
Business flow state, second call relation can be drawn out be shown, so that second call relation visualizes, energy
It is enough to be analyzed in the corresponding target service process of the target user according to second call relation with the presence or absence of because of system
Situations such as business application caused by failure fails improves user experience to be handled in time.
In the third embodiment, trace instruction is received, target user's mark is extracted from the trace instruction, from described
The target service information including target user's mark is searched in network data flow, the target service information is the target user
It identifies produced when corresponding target user's performance objective operation flow, extracts the second application from the target service information
Mutual message information is parsed to described second using mutual message information, is obtained the target service process and is carried out interface
Second call relation is shown by the second call relation when calling between corresponding second application server, so that
The second call relation visualization analyzes the corresponding target service of the target user according to second call relation
Situations such as business application fails caused by whether there is in process because of the system failure improves user's body to be handled in time
It tests.
In addition, the embodiment of the present invention also proposes a kind of storage medium, network monitoring program is stored on the storage medium,
The step of network monitoring program realizes method for monitoring network as described above when being executed by processor.
In addition, the embodiment of the present invention also proposes that a kind of network monitoring apparatus, the network monitoring apparatus include: referring to Fig. 5
Extraction module 10, acquisition module 20, judgment module 30 and alarm module 40;
The extraction module 10 extracts to be checked for receiving service inquiry instruction from service inquiry instruction
Operation flow;
The acquisition module 20 is mentioned from the network data flow for acquiring network data flow by network shunt device
Take out business information to be checked corresponding with the operation flow to be checked;
The judgment module 30, for judging whether the business information to be checked deviates preset reference range;
The alarm module 40 is accused if deviateing the preset reference range for the business information to be checked
Alert prompt.
It will be appreciated that the executing subject of the present embodiment is the network monitoring device, wherein the network monitoring device
It can be the electronic equipments such as PC or server.By the way that network shunt device (TAP) is added in the network topology of data center
Equipment, the network shunt device equipment are the separators of a non-intrusion type, be mounted on data center application server and
Between network, TAP equipment acquires the network data flow that the application server sends or receives, same on independent designated lane
When transmit the network data flow that the application server sends or receives, it is ensured that all network data flows arrive in real time
Up to the network monitoring device.
It should be noted that the network data flow that the network monitoring device is acquired by the network shunt device,
The real time monitoring to operation flow state is realized, when needs analyze the operation flow state, if there are abnormal points
When, it can be user equipment transmission by triggering service inquiry instruction, the service inquiry instruction, it is fixed to be also possible to backstage
When trigger, the operation flow to be checked inquired will be needed to instruct by the service inquiry and be sent to the network monitoring
Equipment.
It should be understood that the business to be checked is when being executed, when carrying out routine call, can be transmitted when interface calls
The business information to be checked leaves the traces letters such as operation system, operation flow state and client's application in network transmission
Breath, the network shunt device can acquire all network data flows, then can extract institute from the network data flow
State the corresponding business information to be checked of operation flow to be checked.The operation flow to be checked generally includes unique stream to be checked
Perhaps process name to be checked can extract the letter including the process identification to be checked or process name to be checked to journey mark
Breath, as the business information to be checked.
It will be appreciated that including usually setting service product in the network data flow, currently executing operation system, business
The status informations such as type, flow nodes name, flow state, customer status and customer ID.The status information is being applied
It carries out burying a little in program.Point analysis is buried, is a kind of common collecting method of web analytics.Data are buried a little to can be and produced
Product, service conversion key point are implanted into statistics codes, ensure that data acquisition does not repeat (such as application button clicking rate) according to its independent ID;
It can also be implantation multistage code, track serial behavior of the user on each interface of platform, (such as beaten independently of each other between event
Open loan product details page-selection loan product-application loan product);It is also possible to affiliated company's engineering, data warehouse technology
(Extract-Transform-Load, abridge ETL) collection analysis user's full dose behavior, establishes user's portrait, also original subscriber's row
Basis for model, as product analysis, optimization.It is a little a kind of privatization deployment data acquisition modes that data, which are buried,.Data acquisition
Accurately, the demand realized product, service rapid Optimum iteration.
In the concrete realization, operation system stable operation for a period of time, the various industry of stable operation can be calculated
The corresponding preset reference range of process of being engaged in.Then can by by the business information to be checked and the preset reference range into
Row compares, thus it is whether stable when judging that system runs the operation flow to be checked by the business information to be checked, it can
All operation flows in operation system are monitored in real time.If the business information to be checked deviates the preset reference
Range illustrates that the operation flow to be checked has exception in the process of running, if the business information to be checked is not inclined
From the preset reference range, illustrate that the operation flow to be checked is normal in operational process.
If should be understood that, the business information to be checked deviates the preset reference range, illustrates described to be checked
It askes operation flow and there is exception in the process of running, issue alarm prompt at this time, can abnormal point be positioned and be located in time
Reason solves exception, so that system restores normal operating condition as early as possible.
Such as: it can monitor in real time nearest 1 minute, user successfully applies for the quantity of A service product, the business to be checked
Process is that successfully application A service product can handle successfully application A service product for 1 minute when the operation system operates normally
Quantity be 100 ± 20%, i.e., described preset reference range is 80-120 part, if extracting from the network data flow
Success applies for that the quantity of A service product is 70, and the preset reference range of 70 deviation 80-120 parts then carries out alarm prompt.
It can also monitor that nearest 1 minute how many service product has carried out operation of making loans in real time, how much is success rate;Current each business system
Whether system interface has network delay, postpones several seconds.
In the present embodiment, service inquiry instruction is received, extracts Business Stream to be checked from service inquiry instruction
Journey acquires network data flow by network shunt device, extracts from the network data flow and the operation flow to be checked
Corresponding business information to be checked realizes real time monitoring operation flow state;Judge whether the business information to be checked deviates
Preset reference range carries out alarm prompt, if the business information to be checked deviates the preset reference range so as to timely
Abnormal point is handled, guarantees the efficient operation of system.
In one embodiment, the network monitoring apparatus further include: parsing module and locating module;
The parsing module applies mutual message information for extracting first from the business information to be checked, right
Described first is parsed using mutual message information, is obtained the operation flow to be checked and is carried out corresponding the when interface calling
The first call relation between one application server;
The locating module, for positioning abnormal application server according to first call relation.
In one embodiment, the network monitoring apparatus further include: determining module;
The extraction module 10 is also used to extract the first application mutual message from the business information to be checked and believes
Breath, the network protocol of the first source network protocol address and the first mesh is extracted from the first application mutual message information
Location;
The determining module, for the internet protocol address according to the first source network protocol address and first mesh
Determine that the operation flow to be checked carries out the first call relation when interface calling between corresponding first application server.
In one embodiment, the extraction module 10 is also used to extract described from the business information to be checked
One application mutual message information using the timestamp marked in MAC Address;
The locating module is also used to position abnormal application service according to the timestamp and first call relation
Device.
In one embodiment, the network monitoring apparatus further include: building module, searching module and display module;
The building module, for described to be checked according to the business information to be checked and first call relation building
Ask the step call relation in operation flow between each step;
The searching module, for described in being searched from the business information to be checked according to the step call relation to
Step business datum corresponding to each step in inquiry business process;
The display module is used for first call relation, the step call relation and the step business number
According to being shown.
In one embodiment, the extraction module 10, is also used to receive trace instruction, extracts from the trace instruction
Target user's mark;
The searching module is also used to search the target service letter including target user's mark from the network data flow
Breath, the target service information are produced when being the target user corresponding target user's performance objective operation flow of mark;
The parsing module is also used to extract second from the target service information and applies mutual message information, right
Described second is parsed using mutual message information, is obtained the target service process and is carried out corresponding second when interface calling
The second call relation between application server;
Second call relation is shown, so that second call relation visualizes.
In one embodiment, the extraction module 10 is also used to extract the second application from the target service information
Mutual message information extracts the net of the second source network protocol address and the second mesh from the second application mutual message information
Network protocol address;
The determining module, with being also used to the network protocol according to the second source network protocol address and second mesh
Location determines the second call relation when the target service process carries out interface calling between corresponding second application server.
The other embodiments or specific implementation of network monitoring apparatus of the present invention can refer to above-mentioned each method and implement
Example, details are not described herein again.
It should be noted that, in this document, the terms "include", "comprise" or its any other variant are intended to non-row
His property includes, so that the process, method, article or the system that include a series of elements not only include those elements, and
And further include other elements that are not explicitly listed, or further include for this process, method, article or system institute it is intrinsic
Element.In the absence of more restrictions, the element limited by sentence "including a ...", it is not excluded that including being somebody's turn to do
There is also other identical elements in the process, method of element, article or system.
The serial number of the above embodiments of the invention is only for description, does not represent the advantages or disadvantages of the embodiments.If listing equipment for drying
Unit claim in, several in these devices, which can be, to be embodied by the same item of hardware.Word first,
Second and the use of third etc. do not indicate any sequence, can be title by these word explanations.
Through the above description of the embodiments, those skilled in the art can be understood that above-described embodiment side
Method can be realized by means of software and necessary general hardware platform, naturally it is also possible to by hardware, but in many cases
The former is more preferably embodiment.Based on this understanding, technical solution of the present invention substantially in other words does the prior art
The part contributed out can be embodied in the form of software products, which is stored in a storage medium
(such as read-only memory mirror image (Read Only Memory image, ROM)/random access memory (Random Access
Memory, RAM), magnetic disk, CD) in, including some instructions are used so that terminal device (can be mobile phone, computer,
Server, air conditioner or network equipment etc.) execute method described in each embodiment of the present invention.
The above is only a preferred embodiment of the present invention, is not intended to limit the scope of the invention, all to utilize this hair
Equivalent structure or equivalent flow shift made by bright specification and accompanying drawing content is applied directly or indirectly in other relevant skills
Art field, is included within the scope of the present invention.
Claims (10)
1. a kind of method for monitoring network, which is characterized in that the method for monitoring network the following steps are included:
Service inquiry instruction is received, extracts operation flow to be checked from service inquiry instruction;
Network data flow is acquired by network shunt device, is extracted from the network data flow and the operation flow to be checked
Corresponding business information to be checked;
Judge whether the business information to be checked deviates preset reference range;
If the business information to be checked deviates the preset reference range, alarm prompt is carried out.
2. method for monitoring network as described in claim 1, which is characterized in that if the business information to be checked deviates institute
State preset reference range, then after carrying out alarm prompt, the method for monitoring network further include:
First is extracted from the business information to be checked and applies mutual message information, and the first application mutual message is believed
Breath is parsed, and first when the operation flow progress interface calling to be checked between corresponding first application server is obtained
Call relation;
Abnormal application server is positioned according to first call relation.
3. method for monitoring network as claimed in claim 2, which is characterized in that described to be extracted from the business information to be checked
First mutual message information is applied out, is parsed to described first using mutual message information, obtain the business to be checked
Process carries out the first call relation when interface calling between corresponding first application server, comprising:
First is extracted from the business information to be checked and applies mutual message information, is believed from the first application mutual message
The internet protocol address of the first source network protocol address and the first mesh is extracted in breath;
The Business Stream to be checked is determined according to the internet protocol address of the first source network protocol address and first mesh
First call relation of journey when being called into line interface between corresponding first application server.
4. method for monitoring network as claimed in claim 2, which is characterized in that described different according to first call relation positioning
Normal application server, comprising:
Extract from the business information to be checked the first application mutual message information using being marked in MAC Address
Timestamp;
Abnormal application server is positioned according to the timestamp and first call relation.
5. method for monitoring network as claimed in claim 2, which is characterized in that described to be extracted from the business information to be checked
First mutual message information is applied out, is parsed to described first using mutual message information, obtain the business to be checked
After process carries out the first call relation when interface calling between corresponding first application server, the method for monitoring network
Further include:
According to the business information to be checked and first call relation construct in the operation flow to be checked each step it
Between step call relation;
According to the step call relation from searching each step in the operation flow to be checked in the business information to be checked
Corresponding step business datum;
First call relation, the step call relation and the step business datum are shown.
6. the method for monitoring network as described in any one of claims 1 to 5, which is characterized in that if the industry to be checked
Information of being engaged in deviates the preset reference range, then after carrying out alarm prompt, the method for monitoring network further include:
Trace instruction is received, target user's mark is extracted from the trace instruction;
The target service information including target user's mark is searched from the network data flow, the target service information is institute
It states produced when target user's corresponding target user's performance objective operation flow of mark;
Second is extracted from the target service information and applies mutual message information, applies mutual message information to described second
It is parsed, obtains the second calling when the target service process progress interface calling between corresponding second application server
Relationship;
Second call relation is shown, so that second call relation visualizes.
7. method for monitoring network as claimed in claim 6, which is characterized in that described to be extracted from the target service information
Second applies mutual message information, parses to described second using mutual message information, obtains the target service process
Carry out the second call relation when interface calling between corresponding second application server, comprising:
Second is extracted from the target service information and applies mutual message information, applies mutual message information from described second
In extract the internet protocol address of the second source network protocol address and the second mesh;
The target service process is determined according to the internet protocol address of the second source network protocol address and second mesh
Carry out the second call relation when interface calling between corresponding second application server.
8. a kind of network monitoring device, which is characterized in that the network monitoring device includes: memory, processor and is stored in
On the memory and the network monitoring program that can run on the processor, the network monitoring program is by the processor
The step of method for monitoring network as described in any one of claims 1 to 7 is realized when execution.
9. a kind of storage medium, which is characterized in that be stored with network monitoring program, the network monitoring journey on the storage medium
The step of method for monitoring network as described in any one of claims 1 to 7 is realized when sequence is executed by processor.
10. a kind of network monitoring apparatus, which is characterized in that the network monitoring apparatus includes: extraction module, acquisition module, sentences
Disconnected module and alarm module;
The extraction module extracts Business Stream to be checked from service inquiry instruction for receiving service inquiry instruction
Journey;
The acquisition module, for by network shunt device acquire network data flow, extracted from the network data flow with
The corresponding business information to be checked of the operation flow to be checked;
The judgment module, for judging whether the business information to be checked deviates preset reference range;
The alarm module carries out alarm prompt if deviateing the preset reference range for the business information to be checked.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811128721.5A CN109672583A (en) | 2018-09-25 | 2018-09-25 | Method for monitoring network, equipment, storage medium and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811128721.5A CN109672583A (en) | 2018-09-25 | 2018-09-25 | Method for monitoring network, equipment, storage medium and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN109672583A true CN109672583A (en) | 2019-04-23 |
Family
ID=66141960
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811128721.5A Pending CN109672583A (en) | 2018-09-25 | 2018-09-25 | Method for monitoring network, equipment, storage medium and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109672583A (en) |
Cited By (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110753364A (en) * | 2019-10-29 | 2020-02-04 | 咪咕音乐有限公司 | Network monitoring method, system, electronic device and storage medium |
| CN110795264A (en) * | 2019-10-14 | 2020-02-14 | 杭州海兴电力科技股份有限公司 | Monitoring management method and system and intelligent management terminal |
| CN111464390A (en) * | 2020-03-31 | 2020-07-28 | 中国建设银行股份有限公司 | Network application system monitoring and early warning method and system |
| CN111654414A (en) * | 2020-05-27 | 2020-09-11 | 华青融天(北京)软件股份有限公司 | Application system monitoring method and device and electronic equipment |
| CN112102076A (en) * | 2020-11-09 | 2020-12-18 | 成都数联铭品科技有限公司 | Comprehensive risk early warning system of platform |
| CN113242158A (en) * | 2021-05-10 | 2021-08-10 | 上海华讯网络系统有限公司 | Real-time monitoring method and system based on switch hardware timestamp |
| CN113297357A (en) * | 2021-07-27 | 2021-08-24 | 北京健康之家科技有限公司 | Asynchronous processing method and device for business process data |
| CN113407504A (en) * | 2021-06-15 | 2021-09-17 | 中科曙光国际信息产业有限公司 | Data processing method, user space file system and storage medium |
| CN114200894A (en) * | 2020-09-17 | 2022-03-18 | 上海骞行信息科技有限公司 | PLC production line holographic monitoring system based on network flow analysis |
| CN114760221A (en) * | 2022-03-31 | 2022-07-15 | 深信服科技股份有限公司 | Service monitoring method, system and storage medium |
| CN115016976A (en) * | 2022-08-08 | 2022-09-06 | 深圳壹师城科技有限公司 | Root cause positioning method, device, equipment and storage medium |
| CN115484188A (en) * | 2021-06-16 | 2022-12-16 | 中国移动通信集团广东有限公司 | TAP device monitoring method and system, electronic device and readable storage medium |
| CN116760741A (en) * | 2023-08-15 | 2023-09-15 | 太平金融科技服务(上海)有限公司深圳分公司 | Data state monitoring method, device, equipment and medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104636237A (en) * | 2015-01-19 | 2015-05-20 | 上海新炬网络信息技术有限公司 | Monitoring method for Web application system service performance based on Java platform |
| US9251026B2 (en) * | 2012-03-31 | 2016-02-02 | Bmc Software, Inc. | Application instrumentation code extension |
| CN106254317A (en) * | 2016-07-21 | 2016-12-21 | 柳州龙辉科技有限公司 | A kind of data security exception monitoring system |
| CN106789442A (en) * | 2017-01-12 | 2017-05-31 | 上海新炬网络信息技术有限公司 | LAN client performance analysis method based on data on flows |
-
2018
- 2018-09-25 CN CN201811128721.5A patent/CN109672583A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9251026B2 (en) * | 2012-03-31 | 2016-02-02 | Bmc Software, Inc. | Application instrumentation code extension |
| CN104636237A (en) * | 2015-01-19 | 2015-05-20 | 上海新炬网络信息技术有限公司 | Monitoring method for Web application system service performance based on Java platform |
| CN106254317A (en) * | 2016-07-21 | 2016-12-21 | 柳州龙辉科技有限公司 | A kind of data security exception monitoring system |
| CN106789442A (en) * | 2017-01-12 | 2017-05-31 | 上海新炬网络信息技术有限公司 | LAN client performance analysis method based on data on flows |
Cited By (20)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110795264A (en) * | 2019-10-14 | 2020-02-14 | 杭州海兴电力科技股份有限公司 | Monitoring management method and system and intelligent management terminal |
| CN110753364A (en) * | 2019-10-29 | 2020-02-04 | 咪咕音乐有限公司 | Network monitoring method, system, electronic device and storage medium |
| CN110753364B (en) * | 2019-10-29 | 2023-09-05 | 咪咕音乐有限公司 | Network monitoring method, system, electronic equipment and storage medium |
| CN111464390B (en) * | 2020-03-31 | 2022-06-10 | 中国建设银行股份有限公司 | Network application system monitoring and early warning method and system |
| CN111464390A (en) * | 2020-03-31 | 2020-07-28 | 中国建设银行股份有限公司 | Network application system monitoring and early warning method and system |
| CN111654414A (en) * | 2020-05-27 | 2020-09-11 | 华青融天(北京)软件股份有限公司 | Application system monitoring method and device and electronic equipment |
| CN114200894B (en) * | 2020-09-17 | 2024-05-28 | 上海骞行信息科技有限公司 | PLC production line holographic monitoring system based on network flow analysis |
| CN114200894A (en) * | 2020-09-17 | 2022-03-18 | 上海骞行信息科技有限公司 | PLC production line holographic monitoring system based on network flow analysis |
| CN112102076A (en) * | 2020-11-09 | 2020-12-18 | 成都数联铭品科技有限公司 | Comprehensive risk early warning system of platform |
| CN113242158A (en) * | 2021-05-10 | 2021-08-10 | 上海华讯网络系统有限公司 | Real-time monitoring method and system based on switch hardware timestamp |
| CN113242158B (en) * | 2021-05-10 | 2022-11-29 | 上海华讯网络系统有限公司 | Real-time monitoring method and system based on switch hardware timestamp |
| CN113407504A (en) * | 2021-06-15 | 2021-09-17 | 中科曙光国际信息产业有限公司 | Data processing method, user space file system and storage medium |
| CN115484188A (en) * | 2021-06-16 | 2022-12-16 | 中国移动通信集团广东有限公司 | TAP device monitoring method and system, electronic device and readable storage medium |
| CN113297357A (en) * | 2021-07-27 | 2021-08-24 | 北京健康之家科技有限公司 | Asynchronous processing method and device for business process data |
| CN114760221A (en) * | 2022-03-31 | 2022-07-15 | 深信服科技股份有限公司 | Service monitoring method, system and storage medium |
| CN114760221B (en) * | 2022-03-31 | 2024-02-23 | 深信服科技股份有限公司 | Service monitoring method, system and storage medium |
| CN115016976A (en) * | 2022-08-08 | 2022-09-06 | 深圳壹师城科技有限公司 | Root cause positioning method, device, equipment and storage medium |
| CN115016976B (en) * | 2022-08-08 | 2022-11-25 | 深圳壹师城科技有限公司 | Root cause positioning method, device, equipment and storage medium |
| CN116760741A (en) * | 2023-08-15 | 2023-09-15 | 太平金融科技服务(上海)有限公司深圳分公司 | Data state monitoring method, device, equipment and medium |
| CN116760741B (en) * | 2023-08-15 | 2023-11-07 | 太平金融科技服务(上海)有限公司深圳分公司 | Data state monitoring method, device, equipment and medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109672583A (en) | Method for monitoring network, equipment, storage medium and device | |
| CN107508722B (en) | Service monitoring method and device | |
| CN105159964A (en) | Log monitoring method and system | |
| CN108737182A (en) | The processing method and system of system exception | |
| CN109669795B (en) | Crash information processing method and device | |
| CN107957940B (en) | Test log processing method, system and terminal | |
| CN107958337A (en) | A kind of information resources visualize mobile management system | |
| CN109672582A (en) | Complete trails monitoring method, equipment, storage medium and device | |
| CN109656792A (en) | Applied performance analysis method, apparatus, computer equipment and storage medium based on network call log | |
| CN108880847A (en) | A kind of method and device of positioning failure | |
| CN108399114A (en) | A kind of system performance testing method, apparatus and storage medium | |
| CN107168844B (en) | Performance monitoring method and device | |
| CN107085549A (en) | The method and apparatus of fault message generation | |
| CN108959048A (en) | The method for analyzing performance of modular environment, device and can storage medium | |
| CN110932918A (en) | Log data acquisition method and device and storage medium | |
| CN112350854A (en) | Flow fault positioning method, device, equipment and storage medium | |
| CN106559498A (en) | Air control data collection platform and its collection method | |
| CN116244339A (en) | Method, device, terminal and medium for fusing operation service monitoring data of business center | |
| CN110968479A (en) | Business-level full-link monitoring method for application program and server | |
| CN103517292A (en) | Mobile terminal information reporting method and apparatus | |
| CN111506769B (en) | Video file processing method and device, storage medium and electronic device | |
| CN103944779B (en) | A kind of WAP service features monitoring method and system | |
| CN109559121A (en) | Transaction path calls exception analysis method, device, equipment and readable storage medium storing program for executing | |
| CN110825466B (en) | Program jamming processing method and jamming processing device | |
| CN106126426B (en) | The test method and device of computer software |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190423 |