CN110190983B - Network problem analysis method and device - Google Patents

Publication number: CN110190983B
Authority: CN (China)
Prior art keywords: access, log, address, user, node
Legal status: Active
Application number: CN201910314347.6A
Other languages: Chinese (zh)
Other versions: CN110190983A (en)
Inventor: 雷漳剑
Current Assignee: Wangsu Science and Technology Co Ltd
Original Assignee: Wangsu Science and Technology Co Ltd
Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00: Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14: Network analysis or design

Abstract

The invention discloses a network problem analysis method and system. The method comprises: acquiring user access information and using it as a query condition, the user access information comprising a user ip address, an access target and a problem occurrence time; searching the access logs of the nearest-level node corresponding to the user ip address for a target log matching the query condition, each access log comprising the ip address of the node that generated it, the user ip address, the URL, the access time and a hit state; performing link splicing using the node ip address in the current target log; judging whether the hit state in the current target log is a hit; and, if it is a hit, ending the link splicing. The invention quickly and accurately converges on the node link that may be causing the problem, greatly reduces the operation and maintenance manpower required, and saves enterprise operating cost.

Description

Network problem analysis method and device
Technical Field
The invention relates to the technical field of CDN (content delivery network), in particular to a network problem analysis method and a device.
Background
Current CDN (Content Delivery Network) services provide acceleration mainly through multiple levels of data caching. When a user accesses a website, the request is first sent to the nearest-level node, the one closest to the user; if that node has cached the content the user wants, it sends the content to the user terminal. If the current node has not cached the content, the request continues to the node at the next higher level until the target data is reached.
Throughout this access process, factors such as the performance of network communication hardware can easily cause slow access or interruptions. The current way of analyzing and locating such problems is to find the direct upper-layer nodes corresponding to the user, check them one by one, and work upward layer by layer.
Disclosure of Invention
In order to solve the problems in the prior art, embodiments of the present invention provide a method and a system for analyzing a network problem. The technical scheme is as follows:
in a first aspect, a method for analyzing a network problem is provided, where the method includes:
acquiring user access information, and taking the user access information as a query condition;
searching a target log matched with the query condition in an access log of a nearest level node corresponding to the ip address of the user;
performing link splicing by using the ip address of the node of the current target log;
judging whether the hit state in the current target log is hit or not;
and if the hit state in the current target log is hit, ending the link splicing.
Optionally, after the step of determining whether the hit status in the current target log is hit, the method further includes:
if the hit state in the current target log is not hit, taking one or more of an ip address of an upper node in the current target log, an ip address of a user in the user access information, an access target in the user access information and access time in the current target log as a new query condition;
and searching the access logs whose own node ip address is the upper node ip address for a target log matching the current query condition, then returning to the step of performing link splicing by using the ip address of the node in the current target log.
Optionally, the user ip address in the user access information is a user ip address or a network segment of the user ip address; the access target is an accessed URL or an accessed domain name.
Optionally, when the problem occurrence time is a time period, the step of searching the access log of the nearest level node corresponding to the ip address of the user for a target log matched with the query condition includes:
sending a query instruction to a log storage system, wherein the query instruction comprises the user access information;
the log storage system searches a first access log based on the query instruction, wherein a user ip address in the first access log is the same as a user ip address in the user access information, a URL in the first access log is the same as an access target in the user access information, or a domain name in the URL in the first access log is the same as the access target in the user access information, and the access time in the first access log is within the range of the problem occurrence time;
receiving the first access log sent by the log storage system;
and searching the access log of the nearest level node corresponding to the user ip address in the user access information in the first access log, and taking the searched access log as a target log.
Optionally, the step of searching the access logs whose own node ip address is the ip address of the upper node for a target log matching the current query condition includes:
searching the first access log for an access log whose own node ip address is the ip address of the upper node, and taking the access log found as a second access log;
calculating a difference between the access time in the second access log and the access time in the current query condition;
and if the difference value is smaller than a preset value, taking the second access log as a target log.
Optionally, after the step of ending the link splicing, the method includes:
detecting whether the response result of each node in the link is normal or not;
if the node with the abnormal response result is judged, detecting the machine performance data of the node with the abnormal response result;
and if the response result of each node in the link is judged to be normal, detecting the network characteristic data between every two nodes in the link.
Optionally, the response result includes a response time and/or a download rate;
the machine performance data includes CPU usage and/or memory usage.
Optionally, after the step of ending the link splicing, the method further includes:
associating detection data into the link and displaying the detection data through an interface, wherein the detection data comprises one or more of access state codes in the target log, response results of nodes, machine performance data of the nodes and network characteristic data among the nodes;
the network characteristic data includes mtr data and/or ping data.
In a second aspect, there is provided a network problem analysis apparatus, the apparatus comprising:
the acquisition module is used for acquiring user access information and taking the user access information as a query condition;
the searching module is used for searching a target log matched with the query condition in the access log of the nearest level node corresponding to the user ip address;
the splicing module is used for carrying out link splicing by utilizing the ip address of the node in the current target log;
and the judging module is used for judging whether the hit state in the current target log is hit or not, and if the hit state in the current target log is hit, ending the link splicing.
Optionally, the determining module is further configured to, if the hit status in the current target log is miss, use one or more of an ip address of an upper node in the current target log, an ip address of a user in the user access information, an access target in the user access information, and access time in the current target log as a new query condition;
the searching module is further configured to search the access logs whose own node ip address is the ip address of the upper node for a target log matching the current query condition.
Optionally, the user ip address in the user access information is a user ip address or a network segment of the user ip address; the access target is an accessed URL or an accessed domain name.
Optionally, when the problem occurrence time is a time period, the searching module is specifically configured to:
sending a query instruction to a log storage system, wherein the query instruction comprises the user access information;
the log storage system searches a first access log based on the query instruction, wherein a user ip address in the first access log is the same as a user ip address in the user access information, a URL in the first access log is the same as an access target in the user access information, or a domain name in the URL in the first access log is the same as the access target in the user access information, and the access time in the first access log is within the range of the problem occurrence time;
receiving the first access log sent by the log storage system;
and searching the access log of the nearest level node corresponding to the user ip address in the user access information in the first access log, and taking the searched access log as a target log.
Optionally, the search module is further configured to:
searching the first access log for an access log whose own node ip address is the ip address of the upper node, and taking the access log found as a second access log;
calculating a difference between the access time in the second access log and the access time in the current query condition;
and if the difference value is smaller than a preset value, taking the second access log as a target log.
Optionally, the apparatus further includes a detection module, where the detection module is configured to:
detecting whether the response result of each node in the link is normal or not;
if the node with the abnormal response result is judged, detecting the machine performance data of the node with the abnormal response result;
and if the response result of each node in the link is judged to be normal, detecting the network characteristic data between every two nodes in the link.
Optionally, the response result includes a response time and/or a download rate;
the machine performance data includes CPU usage and/or memory usage.
Optionally, the network characteristic data includes mtr data and/or ping data.
Optionally, the apparatus further includes an association module, where the association module is configured to:
and associating detection data into the link and displaying the detection data through an interface, wherein the detection data comprises one or more of access state codes in the target log, response results of the nodes, machine performance data of the nodes and network characteristic data among the nodes.
In a third aspect, a computer-readable storage medium is provided, which stores a computer program, and the computer program, when executed by a processor, implements the network problem analysis method of the first aspect.
The embodiment of the invention has the beneficial effects that:
(1) the access logs in the CDN nodes are utilized, the splicing of the user access link paths is realized by a set of complete method, the node links which possibly cause problems can be quickly and accurately converged, the investment of operation and maintenance manpower is greatly reduced, and the operation cost of enterprises is saved;
(2) on the basis of the converged node link, log data, machine performance data and network characteristic data are comprehensively accessed by a set of diagnosis and analysis logic with extremely high precision, and the link is further diagnosed and analyzed, so that the cause of the problem can be quickly analyzed, and the problem recovery time in the CDN is greatly shortened;
(3) a set of visual graphical interface system is provided, which can intuitively show the conclusion of diagnosis and analysis and the evidence basis, and provide reliable data support for further comprehensive deep analysis of operation and maintenance personnel.
Drawings
To illustrate the technical solutions in the embodiments of the present invention more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings described below show only some embodiments of the present invention; those skilled in the art can derive other drawings from them without creative effort.
FIG. 1 is a schematic diagram of a network framework according to an embodiment of the present invention;
FIG. 2 is a flow chart of a method for analyzing network problems according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of a link combination manner provided by an embodiment of the present invention;
FIG. 4 is a block diagram of a network problem analysis apparatus according to an embodiment of the present invention;
FIG. 5 is a block diagram of a computer device according to an embodiment of the present invention.
Detailed Description
The traditional network problem positioning mode has the following disadvantages:
(1) the operation and maintenance personnel cannot know the nodes accessed by the user access operation at this time, and only can check all the nodes of each relevant level one by one, so that the time consumption is long, and the operation and maintenance cost is high;
(2) after confirming the node where the problem occurs, for the analysis of the generated access interruption or slow access problem, the operation and maintenance personnel needs to manually perform calculation and analysis, and the result comparison is time-consuming and labor-consuming, so that the operation and maintenance personnel is inconvenient, and the accuracy is difficult to guarantee.
In order to make the objects, technical solutions and advantages of the present invention more apparent, embodiments of the present invention will be described in detail with reference to the accompanying drawings.
The embodiment of the invention provides a network problem analysis method that can be applied to the network framework shown in fig. 1. The framework comprises analysis nodes, a log storage system and CDN nodes. After the client sends an access request, the request hops between CDN nodes in search of the content. On a miss, that is, when the CDN node handling the request has not cached the target data, the request moves up to a higher-level node, and so on until the target data is reached. The request leaves a footprint at each level it passes through, and these footprints are the access logs. The log storage system stores the access logs generated by every CDN node. To analyze a network problem, the analysis node uses the user ip address, access target and problem occurrence time reported by the user to find, in the access logs, the nodes that the problem access request passed through, splices them into an access link path, and finally analyzes the machine performance data of each node in the link and the network characteristic data between every two nodes to determine the problem.
Hereinafter, a network problem analysis method is specifically described, wherein when nodes are not explicitly described, all refer to CDN nodes.
Referring to fig. 2, a flowchart of a network problem analysis method according to an embodiment of the present invention is provided, where the method is applied to an analysis node, that is, executed by the analysis node, and the method specifically includes the following steps.
Step 201, obtaining user access information, and taking the user access information as a query condition, wherein the user access information comprises a user ip address, an access target and problem occurrence time.
When a user finds that access to a website is slow or interrupted, the user access information can be sent to the analysis node through the client, or operation and maintenance personnel can enter the collected user access information into the analysis system. The user ip address in the user access information is the address of the client that experienced the access problem, and the access target is the URL or domain name that experienced it. Because the user usually cannot give the precise time of the problem access, only an approximate time period or time point, a time period is derived from the time the user reports when the query condition is built, and that period is used as the problem occurrence time in the user access information when searching for the target log.
After obtaining the user access information, the analysis system searches the nodes accessed by the problem access operation in the access log by using the user access information as a query condition, and performs link splicing by using the searched nodes, wherein the specific link splicing process is as follows.
Step 202, searching a target log matched with the query condition in the access logs of the nearest level node corresponding to the user ip address, wherein each access log comprises the own node ip address, the user ip address, the URL, the access time and the hit state.
The log storage system stores access logs generated by all nodes. The process of the analysis node for finding the nearest level node (i.e. edge node) accessed by the problem access operation from the whole access log may be: determining ip addresses of all edge nodes corresponding to the client according to the ip addresses of the users; sending a query instruction to a log storage system, wherein the query instruction comprises the determined ip address of the edge node and the user access information; the log storage system searches a target log matched with the query instruction, wherein the ip address of a node of the target log matched with the query instruction is the ip address of an edge node, the ip address of a user is the same as the ip address of the user in the query instruction, the URL of the target log is the same as the access target in the query instruction, or the domain name of the URL of the target log is the same as the access target in the query instruction, and the access time is within the range of the problem occurrence time; and receiving a target log sent by the log storage system, and determining the nearest level node accessed by the problem access operation based on the ip address of the node in the target log.
In another embodiment, before searching all the access logs for the access log generated by the problem access operation (the target log), the analysis node may perform a preliminary screening: it obtains a first access log from the log storage system using the user access information as the query condition, and then searches the first access log for the target log. The process by which the analysis node acquires the first access log is as follows: the analysis node sends a query instruction to the log storage system, the query instruction comprising the user access information; the log storage system searches for a first access log based on the query instruction, wherein the user ip address in the first access log is the same as the user ip address in the user access information, the URL in the first access log is the same as the access target in the user access information, or the domain name in the URL in the first access log is the same as the access target in the user access information, and the access time in the first access log is within the range of the problem occurrence time; and the analysis node receives the first access log sent by the log storage system.
Because each log in the first access log is a log matched with the user access information, the access log of the nearest level node corresponding to the user ip address in the first access log is the target log. Therefore, after the analysis node acquires the first access log, the analysis node searches the access log of the nearest level node corresponding to the user ip address in the user access information in the first access log, and takes the searched access log as a target log.
Both the search for the nearest-level node and the later searches for higher-level nodes can be carried out in the first access log, without a full search of the log storage system each time, which narrows the search range for the target log and speeds up the search.
Step 203, performing link splicing by using the ip address of the node in the current target log.
The ip address of the node in the target log is the ip address of the node in the access link to be determined. The access link to be determined takes the client as a starting point, and the found nearest level node is the second node of the link.
Step 204, judging whether the hit state in the current target log is hit.
Step 205, if the hit status in the current target log is hit, ending the link splicing.
Step 206, if the hit status in the current target log is miss, taking one or more of the ip address of the upper node in the current target log, the ip address of the user in the user access information, the access target in the user access information, and the access time in the current target log as a new query condition.
Preferably, if the hit status in the current target log is miss, the ip address of the upper node in the current target log, the ip address of the user in the user access information, the access target in the user access information, and the access time in the current target log are used as new query conditions.
Step 207, searching the access logs whose own node ip address is the ip address of the upper node for a target log matching the current query condition, and returning to step 203.
If the hit state in the target log is hit, it indicates that the target data is cached in the node generating the target log, and the access is finished. If the hit state in the target log is not hit, it indicates that the target data is not cached in the node and the upper node needs to be continuously accessed. When the hit state in the target log is miss, the target log further comprises information of the ip address of the upper node, so as to indicate the next-hop node of the access link.
The query conditions for finding the next-hop target log include: the ip address of the upper node in the current target log, the ip address of the user in the user access information, the access target in the user access information and the access time in the current target log. Since the first access log, which already matches the user ip address and the access target, has been determined, the analysis node can find the next-hop target log within the first access log. The specific process is: searching the first access log for an access log whose own node ip address is the ip address of the upper node, and taking the access log found as a second access log; calculating the difference between the access time in the second access log and the access time in the current query condition; and if the difference is smaller than a preset value, taking the second access log as the target log.
The preset value may be 3s or 5s, and when a difference between the access time in the second access log and the access time in the current query condition is smaller than the preset value, it indicates that the current second access log and the last determined target log are access logs generated in response to the same access request, so that the current second access log is the target log to be determined.
In implementation, if the analysis node does not determine the first access log in advance, the next-hop target log may be searched from the log storage system by using the ip address of the upper node in the current target log, the ip address of the user in the user access information, the access target in the user access information, and the access time in the current target log as new query conditions.
Because the problem occurrence time in the user access information is a time period, during which the same user may send several requests for the same target, and each access corresponds to one link, several links may be obtained. Since nodes at a given level may be the same across these links, the links can be displayed separately or combined: when a node at some level is the same, the links share that one node when they are spliced. For example, as shown in fig. 3, node 1 is connected to node 2 in link a and node 3 is connected to node 2 in link b; when the two links are combined, node 1 and node 3 of the combined link are both connected to the same node 2, and the result is shown as a link diagram.
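The splicing loop of steps 201 to 207, together with the multi-request case and the combined link, as an added example that is not part of the patent text. The record fields follow the access log described above; the function names, the sample addresses and the choice of the closest candidate when several fall inside the preset value are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple
from urllib.parse import urlsplit


@dataclass(frozen=True)
class AccessLog:
    node_ip: str                     # ip address of the node that wrote the log
    user_ip: str                     # user ip address recorded in the log
    url: str
    access_time: datetime
    hit: bool                        # hit state
    upper_ip: Optional[str] = None   # upper node ip address, set on a miss


def matches_target(log: AccessLog, target: str) -> bool:
    """The access target is either the accessed URL or the accessed domain name."""
    return log.url == target or urlsplit(log.url).hostname == target


def first_access_logs(store, user_ip, target, start, end) -> List[AccessLog]:
    """Preliminary screening: user ip, access target and problem time window."""
    return [l for l in store
            if l.user_ip == user_ip and matches_target(l, target)
            and start <= l.access_time <= end]


def splice_link(logs, edge_log, preset=timedelta(seconds=3)) -> Tuple[List[str], bool]:
    """Steps 203 to 207. Returns (path, complete); complete is False when the
    chain stops on a miss because no next-hop log was found."""
    path = [edge_log.user_ip, edge_log.node_ip]    # the client is the starting point
    current = edge_log
    while not current.hit:
        # Next-hop candidates: written by the upper node and within the preset
        # time difference of the current target log.
        near = [l for l in logs
                if l.node_ip == current.upper_ip
                and l.node_ip not in path           # guard against a logging loop
                and abs(l.access_time - current.access_time) < preset]
        if not near:
            return path, False
        # Assumption: with several candidates, take the one closest in time.
        current = min(near, key=lambda l: abs(l.access_time - current.access_time))
        path.append(current.node_ip)
    return path, True


def trace(store, user_ip, target, start, end, edge_ips):
    """One link per request that reached a nearest-level (edge) node."""
    logs = first_access_logs(store, user_ip, target, start, end)
    edges = sorted((l for l in logs if l.node_ip in edge_ips),
                   key=lambda l: l.access_time)
    return [splice_link(logs, e) for e in edges]


def merge_links(links):
    """Combined link: a node shared by several links appears once."""
    return sorted({hop for path, _ in links for hop in zip(path, path[1:])})


# Constructed sample data (documentation address ranges, not real nodes).
T0 = datetime(2019, 4, 18, 10, 0, 0)
USER, URL = "203.0.113.10", "http://www.example.com/video.mp4"
EDGES = {"198.51.100.1", "198.51.100.3"}


def _log(node, secs, hit, upper=None, user=USER):
    return AccessLog(node, user, URL, T0 + timedelta(seconds=secs), hit, upper)


SAMPLE_LOGS = [
    _log("198.51.100.1", 0, False, "198.51.100.2"),     # request A, edge miss
    _log("198.51.100.2", 1, False, "198.51.100.9"),     # request A, parent miss
    _log("198.51.100.9", 2, True),                      # request A, hit
    _log("198.51.100.3", 60, False, "198.51.100.2"),    # request B, edge miss
    _log("198.51.100.2", 61, True),                     # request B, parent hit
    _log("198.51.100.1", 5, True, user="203.0.113.99"), # another user
    _log("198.51.100.1", 7200, True),                   # outside the time window
]


def sample_trace():
    window = timedelta(minutes=5)
    return trace(SAMPLE_LOGS, USER, "www.example.com", T0 - window, T0 + window, EDGES)


if __name__ == "__main__":
    links = sample_trace()
    for path, complete in links:
        print(" -> ".join(path), "" if complete else "(incomplete)")
    print(merge_links(links))
```

A link returned with `complete` set to False marks the hop where log collection or time correlation failed, which is itself a useful finding when the preset value is too tight or a node's logs are missing.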
In step 201, the user ip address in the user access information may be a user ip address or a network segment of the user ip address. For example, the user access information may include only the ip address of the user 192.168.0.1 or include the network segment 192.168.0.255. When the user access information includes a network segment of the user ip address, each user ip address in the network segment and the access target can form a group of query conditions with the problem occurrence time, an access link is obtained according to the method shown in fig. 2, and finally all the obtained access links can be spliced together for display.
Step 208, detecting the resulting link.
After the link splicing is finished, the analysis node can further perform diagnosis and analysis on the link, and the specific flow is as follows: detecting whether the access state code of the target log on each node in the link is normal or not; detecting whether the response result of each node in the link is normal or not; if the node with the abnormal response result exists, detecting the machine performance data of the node with the abnormal response result; and if the response result of each node in the link is normal, detecting the network characteristic data between every two nodes in the link.
The access status code in the access log is a 3-digit code used to indicate the response status of the web server, for example, 100 represents that the request has been accepted and needs to be processed; 200 represents that the request has succeeded; 300 represents redirection, 400 represents request error, and 500 represents error or exception status occurring in the process of processing request.
The response results to be detected include response time and/or download rate. When the analysis node determines the response time of the node, the analysis node can search the response time in a target log of the node, and the downloading rate is the ratio of the size of the request content to the response time. In implementation, the analysis node may determine whether the response time of the node is normal by comparing the response time of the node with a preset response time. The analysis node can judge whether the download rate of the node is normal or not by comparing the download rate of the node with a preset download rate. And if the response time or the download rate of the node is abnormal, indicating that the response result of the node is abnormal.
When the response result of a node is abnormal, the machine performance of the node is possibly problematic, and the machine performance data of the node with the abnormal response result needs to be continuously detected. The machine performance data includes CPU usage and/or memory usage.
When node machine performance is not the problem, that is, when the response result of every node is normal, the analysis node goes on to detect the network characteristic data between every two nodes in the link, in order to check the network communication quality between them. The network characteristic data includes mtr data and/or ping (Packet Internet Groper) data. The mtr data is obtained by network analysis with the mtr network connectivity tool, and the ping data is obtained by network analysis with the ping network diagnostic tool.
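The decision order of step 208 as an added example, not part of the patent text: status codes first, then response results, then either machine performance data for the abnormal nodes or network probes between nodes. The preset thresholds, the rule that status codes of 400 and above are abnormal, and all names and sample values are assumptions, since the page gives no concrete values.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed presets: the page refers to preset values but states none.
MAX_RESPONSE_S = 2.0        # preset response time, seconds
MIN_RATE_BPS = 200_000.0    # preset download rate, bytes per second
MAX_USAGE_PCT = 90.0        # ceiling for CPU and memory usage


@dataclass
class NodeRecord:
    node_ip: str
    status: int                        # access status code in the target log
    response_time: float               # seconds, from the target log
    size: int                          # size of the requested content, bytes
    cpu_pct: Optional[float] = None    # machine performance data, if collected
    mem_pct: Optional[float] = None


def download_rate(rec: NodeRecord) -> float:
    """Ratio of the size of the requested content to the response time."""
    return rec.size / rec.response_time if rec.response_time > 0 else float("inf")


def response_abnormal(rec: NodeRecord) -> bool:
    return rec.response_time > MAX_RESPONSE_S or download_rate(rec) < MIN_RATE_BPS


def diagnose(link: List[NodeRecord]) -> List[Tuple[str, ...]]:
    """Return findings and next checks for one spliced link, in step 208 order."""
    findings: List[Tuple[str, ...]] = []
    for rec in link:
        if rec.status >= 400:          # assumption: 4xx and 5xx count as abnormal
            findings.append(("status", rec.node_ip, str(rec.status)))
    slow = [r for r in link if response_abnormal(r)]
    for rec in slow:
        # Abnormal response result: look at that node's machine performance data.
        usage = [u for u in (rec.cpu_pct, rec.mem_pct) if u is not None]
        if not usage:
            findings.append(("collect-machine-data", rec.node_ip))
        elif max(usage) > MAX_USAGE_PCT:
            findings.append(("machine-overloaded", rec.node_ip))
        else:
            findings.append(("machine-ok-response-abnormal", rec.node_ip))
    if not slow:
        # Every response result is normal: probe the network between nodes
        # (mtr and/or ping between each pair of neighbours in the link).
        findings += [("probe-network", a.node_ip, b.node_ip)
                     for a, b in zip(link, link[1:])]
    return findings


# Constructed sample link (documentation addresses).
SAMPLE_LINK = [
    NodeRecord("198.51.100.1", 200, 0.2, 1_000_000),
    NodeRecord("198.51.100.2", 200, 4.5, 1_000_000, cpu_pct=97.0, mem_pct=60.0),
    NodeRecord("198.51.100.9", 200, 0.1, 1_000_000),
]

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LINK):
        print(finding)
```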
Step 209, associating the detection data to the link and displaying the detection data through an interface.
After the analysis node detects the link, the detected data, namely the detection data, is associated to the link and displayed through an interface so as to provide basis for network problem analysis of operation and maintenance personnel. The detection data comprises one or more of access state codes in the target log, response results of the nodes, machine performance data of the nodes and network characteristic data among the nodes.
Referring to fig. 4, a block diagram of a network problem analysis apparatus according to an embodiment of the present invention is shown, where the apparatus is configured in an analysis node or is an analysis node itself, and the apparatus includes:
an obtaining module 401, configured to obtain user access information, where the user access information is used as a query condition, and the user access information includes a user ip address, an access target, and a problem occurrence time;
a searching module 402, configured to search for a target log matching the query condition in the access logs of the nearest level node corresponding to the ip address of the user, where each access log includes the ip address of the node, the ip address of the user, a URL, access time, and a hit state;
a splicing module 403, configured to perform link splicing by using the ip address of the node in the current target log;
a determining module 404, configured to determine whether a hit state in the current target log is a hit, and if the hit state in the current target log is a hit, end link splicing.
Preferably, the determining module 404 is further configured to, if the hit status in the current target log is miss, take one or more of an ip address of an upper node in the current target log, an ip address of a user in the user access information, an access target in the user access information, and access time in the current target log as a new query condition;
the searching module 402 is further configured to search a target log matched with the current query condition in an access log whose own ip address is the ip address of the upper node.
Preferably, the user ip address in the user access information is a user ip address or a network segment of the user ip address; the access target is an accessed URL or an accessed domain name.
Preferably, when the problem occurrence time is a time period, the searching module 402 is specifically configured to:
sending a query instruction to a log storage system, wherein the query instruction comprises the user access information;
the log storage system searches a first access log based on the query instruction, wherein a user ip address in the first access log is the same as a user ip address in the user access information, a URL in the first access log is the same as an access target in the user access information, or a domain name in the URL in the first access log is the same as the access target in the user access information, and the access time in the first access log is within the range of the problem occurrence time;
receiving the first access log sent by the log storage system;
and searching the access log of the nearest level node corresponding to the user ip address in the user access information in the first access log, and taking the searched access log as a target log.
Preferably, the searching module 402 is further configured to:
searching the first access log for the access log whose own ip address is the ip address of the upper node, and taking the access log found as a second access log;
calculating a difference between the access time in the second access log and the access time in the current query condition;
and if the difference value is smaller than a preset value, taking the second access log as a target log.
Preferably, the apparatus further comprises a detection module 405, and the detection module 405 is configured to:
detecting whether the response result of each node in the link is normal or not;
if a node with an abnormal response result is found, detecting the machine performance data of that node;
and if the response result of each node in the link is judged to be normal, detecting the network characteristic data between every two nodes in the link.
Preferably, the response result includes a response time and/or a download rate;
the machine performance data includes CPU usage and/or memory usage.
Preferably, the detection module is further configured to detect network characteristic data between every two nodes in the link.
Preferably, the network characteristic data comprises mtr data and/or ping data.
Preferably, the apparatus further comprises an association module 406, and the association module 406 is configured to:
and associating detection data into the link and displaying the detection data through an interface, wherein the detection data comprises one or more of access state codes in the target log, response results of the nodes, machine performance data of the nodes and network characteristic data among the nodes.
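The link splicing carried out by modules 401 to 404 can be followed in the sketch below, which is an added example and not code from the patent. The `AccessLog` field names, the `edge_ips` set used to recognize nearest-level nodes, epoch-second timestamps, the 2-second default for the preset value, the choice of the closest-in-time upper log and the loop guard are all assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

@dataclass(frozen=True)
class AccessLog:                 # field names are assumptions
    node_ip: str                 # ip address of the node that wrote the log
    user_ip: str
    url: str
    access_time: float           # epoch seconds
    hit: bool                    # hit state
    upper_ip: Optional[str]      # upper node contacted on a miss, else None

def first_access_logs(logs, user, target, start, end):
    """Log-store filter: user ip or segment, URL or domain, time window."""
    net = ipaddress.ip_network(user, strict=False)   # a single ip becomes a /32
    return [r for r in logs
            if ipaddress.ip_address(r.user_ip) in net
            and (r.url == target or urlsplit(r.url).hostname == target)
            and start <= r.access_time <= end]

def splice_link(target_log, first, max_delta):
    """Follow upper-node ips from one edge log; returns (link, complete)."""
    link, current = [], target_log
    while True:
        link.append(current.node_ip)
        if current.hit:                        # hit: end link splicing
            return link, True
        near = [r for r in first
                if r.node_ip == current.upper_ip
                and r.node_ip not in link      # guard against forwarding loops
                and abs(r.access_time - current.access_time) < max_delta]
        if not near:                           # upper node's log not found
            return link, False
        t = current.access_time
        current = min(near, key=lambda r: abs(r.access_time - t))

def analyze(logs, user, target, start, end, edge_ips, max_delta=2.0):
    """One spliced link per matching log written by a nearest-level node."""
    first = first_access_logs(logs, user, target, start, end)
    return [splice_link(r, first, max_delta)
            for r in first if r.node_ip in edge_ips]

# Constructed sample logs (documentation address ranges, not real traffic).
URL = "http://cdn.example.com/video/a.mp4"
EDGE, MID, PARENT = "198.51.100.10", "198.51.100.20", "198.51.100.30"
SAMPLE = [
    AccessLog(EDGE, "203.0.113.7", URL, 1000.0, False, MID),
    AccessLog(MID, "203.0.113.7", URL, 1000.3, False, PARENT),
    AccessLog(PARENT, "203.0.113.7", URL, 1000.5, True, None),
    AccessLog(EDGE, "203.0.113.7", URL, 1100.0, True, None),
    AccessLog(EDGE, "203.0.113.7", URL, 1200.0, False, MID),  # upper log missing
    AccessLog(EDGE, "192.0.2.9", URL, 1000.1, True, None),    # another user
]

if __name__ == "__main__":
    for link, complete in analyze(SAMPLE, "203.0.113.0/24", "cdn.example.com",
                                  900.0, 1300.0, {EDGE}):
        print(" -> ".join(link), "complete" if complete else "incomplete")
```

A link returned with `complete` set to false marks the point where the upper node's log could not be matched within the preset time difference, which is itself a finding worth showing to the operator.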
It should be noted that the division into the functional modules described above is only an example of how the network problem analysis device of the above embodiment performs problem analysis. In practical applications, the above functions may be allocated to different functional modules as needed, that is, the internal structure of the system may be divided into different functional modules to complete all or part of the functions described above. In addition, the network problem analysis device and the network problem analysis method provided by the above embodiments belong to the same concept; the specific implementation process is detailed in the method embodiments and is not repeated here.
Fig. 5 is a block diagram of a computer device according to an embodiment of the present invention. The computer device 500 may vary widely in configuration or performance and may include one or more central processors 522 (e.g., one or more processors) and memory 532, one or more storage media 530 (e.g., one or more mass storage devices) storing application programs 542 or data 544. Memory 532 and storage media 530 may be, among other things, transient storage or persistent storage. The program stored on the storage medium 530 may include one or more modules (not shown), each of which may include a series of instruction operations for the computer device. Still further, the central processor 522 may be configured to communicate with the storage medium 530 to execute a series of instruction operations in the storage medium 530 on the computer device 500.
The computer device 500 may also include one or more power supplies 524, one or more wired or wireless network interfaces 550, one or more input/output interfaces 558, one or more keyboards 554, and/or one or more operating systems 541, such as Windows Server, Mac OS X™, Unix™, Linux, FreeBSD™, etc.
Computer apparatus 500 may include memory, and one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by the one or more processors, the one or more programs including instructions for performing the network problem analysis described above.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program instructing relevant hardware, where the program may be stored in a computer-readable storage medium, and the storage medium may be a read-only memory, a magnetic disk or an optical disk.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.

Claims (11)

1. A method for analyzing network problems, the method comprising:
acquiring user access information, and taking the user access information as a query condition;
searching a target log matched with the query condition in an access log of a nearest level node corresponding to the ip address of the user;
performing link splicing by using the ip address of the node of the current target log;
judging whether the hit state in the current target log is hit or not;
and if the hit state in the current target log is hit, ending link splicing, and analyzing the machine performance data of each node in the link and the network characteristic data between every two nodes to determine the network problem of the link.
2. The method of claim 1, wherein after the step of determining whether the hit status in the current target log is hit, the method further comprises:
if the hit state in the current target log is not hit, taking one or more of an ip address of an upper node in the current target log, an ip address of a user in the user access information, an access target in the user access information and access time in the current target log as a new query condition;
and searching for a target log matching the current query condition in the access log of the node whose own ip address is the ip address of the upper node, and returning to execute the step of performing link splicing by using the ip address of the node in the current target log.
3. The method according to claim 1, wherein the user ip address in the user access information is a user ip address or a network segment of the user ip address; the access target is an accessed URL or an accessed domain name.
4. The method according to claim 2, wherein when the problem occurrence time is a time period, the step of searching the access log of the nearest level node corresponding to the user ip address for a target log matching the query condition includes:
sending a query instruction to a log storage system, wherein the query instruction comprises the user access information;
the log storage system searches a first access log based on the query instruction, wherein a user ip address in the first access log is the same as a user ip address in the user access information, a URL in the first access log is the same as an access target in the user access information, or a domain name in the URL in the first access log is the same as the access target in the user access information, and the access time in the first access log is within the range of the problem occurrence time;
receiving the first access log sent by the log storage system;
and searching the access log of the nearest level node corresponding to the user ip address in the user access information in the first access log, and taking the searched access log as a target log.
5. The method according to claim 4, wherein the step of searching for a target log matching the current query condition in the access log whose own ip address is the ip address of the upper node comprises:
searching the first access log for the access log whose own ip address is the ip address of the upper node, and taking the access log found as a second access log;
calculating a difference between the access time in the second access log and the access time in the current query condition;
and if the difference value is smaller than a preset value, taking the second access log as a target log.
6. The method of claim 1, further comprising, after the step of ending the link splicing:
detecting whether the response result of each node in the link is normal or not;
if a node with an abnormal response result is found, detecting the machine performance data of that node;
and if the response result of each node in the link is judged to be normal, detecting the network characteristic data between every two nodes in the link.
7. The method of claim 6, wherein the response result comprises a response time and/or a download rate;
the machine performance data includes CPU usage and/or memory usage.
8. The method of claim 7, further comprising, after the step of ending the link splicing:
associating detection data into the link and displaying the detection data through an interface, wherein the detection data comprises one or more of access state codes in the target log, response results of nodes, machine performance data of the nodes and network characteristic data among the nodes;
the network characteristic data includes mtr data and/or ping data.
9. A network problem analysis apparatus, the apparatus comprising:
the acquisition module is used for acquiring user access information and taking the user access information as a query condition;
the searching module is used for searching a target log matched with the query condition in the access log of the nearest level node corresponding to the user ip address;
the splicing module is used for carrying out link splicing by utilizing the ip address of the node in the current target log;
and the judging module is used for judging whether the hit state in the current target log is hit, finishing link splicing if the hit state in the current target log is hit, and analyzing the machine performance data of each node in the link and the network characteristic data between every two nodes to determine the network problem of the link.
10. The apparatus of claim 9, further comprising an association module configured to:
and associating detection data into the link and displaying the detection data through an interface, wherein the detection data comprises one or more of access state codes in the target log, response results of the nodes, machine performance data of the nodes and network characteristic data among the nodes.
11. A computer-readable storage medium storing a computer program, wherein the computer program, when executed by a processor, implements the network problem analysis method of any one of claims 1 to 8.
CN201910314347.6A 2019-04-18 2019-04-18 Network problem analysis method and device Active CN110190983B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910314347.6A CN110190983B (en) 2019-04-18 2019-04-18 Network problem analysis method and device

Publications (2)

Publication Number Publication Date
CN110190983A CN110190983A (en) 2019-08-30
CN110190983B true CN110190983B (en) 2022-05-10

Family

ID=67714730

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910314347.6A Active CN110190983B (en) 2019-04-18 2019-04-18 Network problem analysis method and device

Country Status (1)

Country Link
CN (1) CN110190983B (en)

Also Published As

Publication number Publication date
CN110190983A (en) 2019-08-30

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant