CN110209562A - Log analysis method and analysis server - Google Patents


Info

Publication number
CN110209562A
Authority
CN
China
Prior art keywords
log
analysis server
analysis
applied host
host machine
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910393108.4A
Other languages
Chinese (zh)
Inventor
张亚辉
冯坤炎
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
WeBank Co Ltd
Original Assignee
WeBank Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by WeBank Co Ltd filed Critical WeBank Co Ltd
Priority to CN201910393108.4A priority Critical patent/CN110209562A/en
Publication of CN110209562A publication Critical patent/CN110209562A/en
Pending legal-status Critical Current

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/30 Monitoring
    • G06F11/34 Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation; Recording or statistical evaluation of user activity, e.g. usability assessment
    • G06F11/3466 Performance evaluation by tracing or monitoring
    • G06F11/3476 Data logging

Landscapes

  • Engineering & Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Quality & Reliability (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The application provides a log analysis method and an analysis server. In the method, the analysis server establishes a connection with each of multiple application hosts, the analysis server having been authorized for password-free login to those application hosts. After the connections are established, the analysis server obtains the login logs on the application hosts and analyzes them. In this scheme, the analysis server logs in to each application host without a password and collects its login log, so login logs are analyzed centrally. When the analysis result shows an anomaly, there is no need to go back to the application host to inspect its login log, and because no analysis client has to be installed on the application hosts, cost is saved.

Description

Log analysis method and analysis server
Technical field
This application relates to the field of financial technology (Fintech), and in particular to a log analysis method and an analysis server.
Background
With the development of computer technology, more and more technologies are being applied in the financial field, and the traditional financial industry is gradually shifting to financial technology (Fintech). Because of the financial industry's security and real-time requirements, however, higher demands are also placed on the technology.
Analyzing the login logs of the application hosts that execute business makes it possible to determine the login status on those hosts and thereby improve the security of business execution.
At present, in banks and other financial institutions, login logs on application hosts are analyzed by installing on each application host a client capable of login log analysis, and that client analyzes the login log.
This approach requires an analysis client on every application host, which is costly. In addition, each host's login log is analyzed on that host by the analysis client, which uploads its result for aggregation once the analysis completes. When the aggregated results contain information about an abnormal login, it is still necessary to go back to the application host to look up the specific abnormal login information before precautions can be taken, and that lookup consumes further resources and time.
Summary of the invention
The application provides a log analysis method and an analysis server that analyze login logs centrally, so that when the analysis result shows abnormal login behavior, the abnormal login information can be determined more quickly.
In a first aspect, the application provides a log analysis method. The method includes: an analysis server establishes a connection with each of multiple application hosts, the analysis server having been authorized for password-free login to the multiple application hosts. After the connections are established, the analysis server obtains the login logs on the application hosts and analyzes them. In this scheme, the analysis server logs in to each application host without a password and collects its login log, so login logs are analyzed centrally. When the analysis result shows an anomaly, there is no need to go back to the application host to inspect its login log, and because no analysis client has to be installed on the application hosts, cost is saved.
In one possible implementation, the analysis server establishing a connection with each of the multiple application hosts includes: the analysis server determines, according to a target host list, the application hosts that need login log analysis, the target host list indicating the application hosts that need login log analysis. The analysis server connects to each such application host and logs in to it without a password. In this scheme, the target host list tells the analysis server exactly which application hosts need login log analysis, and password-free login then lets it connect to those hosts more quickly.
In one possible implementation, the method further includes: the analysis server sends a first command to a configuration management database, which records the configuration information of the application hosts. The first command instructs the configuration management database to determine the target host list from the configuration information of the application hosts and to send the target host list to the analysis server. Because the configuration management database records the hosts' configuration information, it can be understood to know which application hosts need login log analysis. The first command triggers the configuration management database to generate the target host list from the application hosts that need login log analysis and to send the list to the analysis server, which can then determine the application hosts that need login log analysis.
In one possible implementation, the analysis server analyzing the login logs includes: the analysis server obtains the corresponding fields from the login log according to preset parameters to be analyzed, and analyzes the login log according to the fields obtained. A login log records many kinds of information. The fields that correspond to a given analysis need can be extracted and analyzed, so fields that do not need analysis are not processed, which improves the speed of login log analysis.
In one possible implementation, the preset parameters to be analyzed are any one or more of the following: login user, login source address, login destination address, login method, login time, login status.
In a second aspect, the application provides an analysis server that has been authorized for password-free login to multiple application hosts. The analysis server includes a connection unit, an acquiring unit and an analysis unit. The connection unit is used to establish a connection with each of the multiple application hosts. The acquiring unit is used to obtain the login logs on the multiple application hosts. The analysis unit is used to analyze the login logs. In this scheme, the analysis server logs in to each application host without a password and collects its login log, so login logs are analyzed centrally. When the analysis result shows an anomaly, there is no need to go back to the application host to inspect its login log, and because no analysis client has to be installed on the application hosts, cost is saved.
In one possible implementation, the connection unit is specifically used to: determine, according to a target host list, the application hosts that need login log analysis, the target host list indicating the application hosts that need login log analysis; and connect to each such application host and log in to it without a password. In this scheme, the target host list tells the analysis server exactly which application hosts need login log analysis, and password-free login then lets it connect to those hosts more quickly.
In one possible implementation, the analysis server further includes a sending unit, which is used to send a first command to a configuration management database. The configuration management database records the configuration information of the application hosts, and the first command instructs the configuration management database to determine the target host list from the configuration information of the application hosts and to send the target host list to the analysis server. Because the configuration management database records the hosts' configuration information, it can be understood to know which application hosts need login log analysis. The first command triggers the configuration management database to generate the target host list from the application hosts that need login log analysis and to send the list to the analysis server, which can then determine the application hosts that need login log analysis.
In one possible implementation, the analysis unit may specifically be used to: obtain the corresponding fields from the login log according to preset parameters to be analyzed, and analyze the login log according to the fields obtained. A login log records many kinds of information. The fields that correspond to a given analysis need can be extracted and analyzed, so fields that do not need analysis are not processed, which improves the speed of login log analysis.
In one possible implementation, the preset parameters to be analyzed are any one or more of the following: login user, login source address, login destination address, login method, login time, login status.
In a third aspect, the application provides a network device, comprising:
a memory, for storing program instructions;
a processor, for calling the program instructions stored in the memory and executing, according to the obtained program, the method of the first aspect or of any embodiment of the first aspect.
In a fourth aspect, the application provides a computer-readable storage medium storing computer-executable instructions, the computer-executable instructions being used to make a computer execute the method of the first aspect or of any embodiment of the first aspect.
Brief description of the drawings
Fig. 1 is a flow diagram of a log analysis method provided by the application;
Fig. 2 is a structural diagram of an analysis server provided by the application;
Fig. 3 is a structural diagram of a network device provided by the application.
Detailed description
To make the purposes, technical solutions and advantages of the application clearer, the application is described in further detail below with reference to the drawings. The specific operations in the method embodiments can also be applied to the apparatus or system embodiments. In the description of the application, unless otherwise indicated, "multiple" means two or more.
Fig. 1 shows a log analysis method provided by the application; the method may be executed by an analysis server. The method can be applied in the financial field, for example to the application hosts that execute business in a bank, to analyze the logs on the application hosts carrying out the corresponding business. As shown in Fig. 1, the method includes:
Step 101: the analysis server establishes a connection with each of multiple application hosts.
The analysis server has been authorized for password-free login to the multiple application hosts.
Step 102: the analysis server obtains the login logs on the multiple application hosts.
Step 103: the analysis server analyzes the login logs obtained.
In the above method, the analysis server logs in to each application host without a password and collects its login log, so login logs are analyzed centrally. When the analysis result shows an anomaly, there is no need to go back to the application host to inspect its login log, and because no analysis client has to be installed on the application hosts, cost is saved.
In one possible implementation, step 101 can be carried out as follows: the analysis server determines, according to a target host list, the application hosts that need login log analysis, the target host list indicating the application hosts that need login log analysis. The analysis server connects to each such application host and logs in to it without a password. The target host list records the identifier of each application host that needs login log analysis; using these identifiers, the analysis server establishes a connection with the corresponding application host and logs in to each one without a password. Which specific application hosts need login log analysis can be set according to actual needs.
One way of generating the target host list is described below. This generation process is only an example provided by the application; in practice the target host list can be generated in many ways, and the application places no specific limit on them. In the method provided here, the target host list is generated when the analysis server sends a first command to a configuration management database. The configuration management database records the configuration information of the application hosts and, through that configuration information, knows which hosts need login log analysis. After receiving the first command, the configuration management database generates the target host list from the configuration information of the application hosts and sends it to the analysis server.
Table 1 shows one possible target host list provided by the application.
Table 1: Target host list
In the target host list of Table 1, whether login log analysis is needed is expressed with the values "1" and "0": "1" indicates that the application host needs login log analysis, and "0" indicates that it does not. For the identifier of each application host, Table 1 uses the letter "A" for application host A and the letter "B" for application host B; in practice, the identifier of an application host is not limited to letters and may also be, for example, a number or a character string. From the target host list in Table 1 it can be seen that, among application hosts A to F, only application host E does not need login log analysis, and all the other application hosts do.
For the target host list in Table 1, the analysis server determines from the list that the application hosts identified as "A", "B", "C", "D" and "F" are the ones that need login log analysis, and establishes a connection with each of application hosts A, B, C, D and F. Because the analysis server has been authorized for password-free login to each application host, it can quickly log in to application hosts A, B, C, D and F.
In step 101 the analysis server establishes a connection with an application host and logs in to it; then, in step 102, the analysis server can download the login log on that application host. Specifically, after logging in, the analysis server can query and distinguish the files on the application host and, once it has located the host's login log, download it. Alternatively, the analysis server can send an instruction to the application host so that the application host transfers its own login log to the analysis server.
In one possible implementation, the analysis server analyzing the login logs obtained includes: the analysis server obtains the corresponding fields from the login log according to preset parameters to be analyzed, and analyzes the login log according to the fields obtained. The preset parameters to be analyzed are any one or more of the following: login user, login source address, login destination address, login method, login time, login status. For example, the analysis server can identify the parameter in the login log that expresses the login time and convert and parse it, which determines at what points in time users logged in to the application host that the login log belongs to.
The parameters in a login log reflect the login behavior on the application host. Analyzing the login log of one application host shows, for example, which user logged in, when, and by which login method; the login method may be, for example, password login or password-free login. From the login behavior on the application hosts it is possible to determine which host has seen abnormal login behavior. Specifically, if a user's number of logins on a host within a preset duration exceeds a certain number, the host can be considered to show abnormal login behavior; it can also be determined which user carried out the abnormal logins, and the corresponding precautions can then be taken. There are of course many other ways to judge whether abnormal login behavior has occurred; for example, if a user enters the wrong password several times in a row, that user can also be considered to show abnormal login behavior.
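The target host filter of Table 1, the field extraction and the two anomaly rules described above, as an added Python example that is not part of the patent. It assumes OpenSSH sshd syslog lines as the login log format and uses constructed thresholds and constructed sample log lines; the patent specifies none of these.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: login logs are OpenSSH sshd syslog lines; the patent fixes no format.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<status>Accepted|Failed) (?P<method>\S+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)

# Constructed stand-in for Table 1: host identifier -> 1 (analyze) or 0 (skip).
TARGET_HOST_LIST = {"A": 1, "B": 1, "C": 1, "D": 1, "E": 0, "F": 1}

# Constructed sample data: four logins by one user inside four minutes.
BURST = [
    "May 13 10:00:01 app sshd[1001]: Accepted publickey for alice from 10.0.0.5 port 50001 ssh2",
    "May 13 10:01:10 app sshd[1002]: Accepted publickey for alice from 10.0.0.5 port 50002 ssh2",
    "May 13 10:02:20 app sshd[1003]: Accepted password for alice from 10.0.0.7 port 50003 ssh2",
    "May 13 10:03:30 app sshd[1004]: Accepted password for alice from 10.0.0.7 port 50004 ssh2",
]
# Constructed login logs, keyed by the host they would be collected from.
SAMPLE_LOGS = {
    "A": BURST,
    "B": [
        "May 13 11:00:00 app sshd[2001]: Failed password for bob from 10.0.0.9 port 40001 ssh2",
        "May 13 11:00:05 app sshd[2002]: Failed password for bob from 10.0.0.9 port 40002 ssh2",
        "May 13 11:00:09 app sshd[2003]: Failed password for bob from 10.0.0.9 port 40003 ssh2",
        "May 13 11:05:00 app sshd[2004]: Failed password for invalid user admin from 10.0.0.9 port 40004 ssh2",
    ],
    "C": [  # four logins as well, but spread over an hour
        "May 13 09:00:00 app sshd[3001]: Accepted publickey for carol from 10.0.0.6 port 45001 ssh2",
        "May 13 09:20:00 app sshd[3002]: Accepted publickey for carol from 10.0.0.6 port 45002 ssh2",
        "May 13 09:40:00 app sshd[3003]: Accepted publickey for carol from 10.0.0.6 port 45003 ssh2",
        "May 13 10:00:00 app sshd[3004]: Accepted publickey for carol from 10.0.0.6 port 45004 ssh2",
    ],
    "E": BURST,  # same burst, but E is marked 0 and is never analyzed
}


def hosts_to_analyze(target_list):
    """Return the identifiers marked 1, i.e. the hosts needing login log analysis."""
    return sorted(host for host, flag in target_list.items() if flag == 1)


def parse_line(line, year=2019):
    """Extract the preset fields: user, source address, method, time, status."""
    match = LINE_RE.match(line)
    if match is None:
        return None  # not a login record
    rec = match.groupdict()
    # Syslog timestamps carry no year, so the caller supplies one (assumption).
    rec["time"] = datetime.strptime(f"{year} {rec.pop('ts')}", "%Y %b %d %H:%M:%S")
    return rec


def analyze(logs_by_host, target_list=TARGET_HOST_LIST,
            window=timedelta(minutes=10), max_logins=3, max_fail_streak=3):
    """Central analysis over all collected logs; thresholds are illustrative.

    Rule 1: more than max_logins successful logins by one user on one host
            within the window.
    Rule 2: max_fail_streak consecutive wrong passwords by one user.
    Returns (host, user, rule, source address) tuples, one per host/user/rule.
    """
    findings = []
    for host in hosts_to_analyze(target_list):
        logins = defaultdict(list)   # user -> successful login times in window
        streak = defaultdict(int)    # user -> consecutive password failures
        reported = set()
        for rec in filter(None, map(parse_line, logs_by_host.get(host, []))):
            user, rule = rec["user"], None
            if rec["status"] == "Failed":
                if rec["method"] == "password":
                    streak[user] += 1
                    if streak[user] >= max_fail_streak:
                        rule = "repeated_password_failure"
            else:
                streak[user] = 0  # a successful login ends the failure streak
                recent = [t for t in logins[user] if rec["time"] - t <= window]
                recent.append(rec["time"])
                logins[user] = recent
                if len(recent) > max_logins:
                    rule = "excessive_logins"
            if rule and (user, rule) not in reported:
                reported.add((user, rule))
                findings.append((host, user, rule, rec["src"]))
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOGS):
        print(finding)
```

Because every finding carries the host identifier, the user and the source address, the analysis server can name the host and user involved without going back to the application host.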
In one possible implementation, besides obtaining the login logs on application hosts for log analysis, the analysis server can also obtain the login logs on bastion hosts and/or jump servers for log analysis. Analyzing the login logs on bastion hosts and/or jump servers makes it possible to determine more accurately whether the business system is under attack through illegal logins.
In the method of the application, the analysis server obtains the login logs of the application hosts that need analysis and analyzes them centrally on the analysis server. When the analysis result shows that a login log contains an anomaly, the analysis server can directly determine on which application host the anomalous login log occurred and which specific user showed the abnormal login behavior, without going back to query the login log on that application host to identify the user. The method can therefore determine the user responsible for abnormal login behavior more quickly and take the corresponding precautions.
Based on the same inventive concept, Fig. 2 illustrates an analysis server provided by the application. The analysis server can execute the flow of the log analysis method and has been authorized for password-free login to multiple application hosts. As shown in Fig. 2, the analysis server includes:
a connection unit 201, for establishing a connection with each of multiple application hosts.
The multiple application hosts here are the application hosts that need login log analysis.
an acquiring unit 202, for obtaining the login logs on the multiple application hosts.
an analysis unit 203, for analyzing the login logs.
In one possible implementation, the connection unit 201 is specifically used to: determine, according to a target host list, the application hosts that need login log analysis, the target host list indicating the application hosts that need login log analysis; and connect to each such application host and log in to it without a password.
In one possible implementation, the analysis server further includes a sending unit 204, which is used to send a first command to a configuration management database. The configuration management database records the configuration information of the application hosts, and the first command instructs the configuration management database to determine the target host list from the configuration information of the application hosts and to send the target host list to the analysis server. Because the configuration management database records the hosts' configuration information, it can be understood to know which application hosts need login log analysis. The first command triggers the configuration management database to generate the target host list from the application hosts that need login log analysis and to send the list to the analysis server, which can then determine the application hosts that need login log analysis.
In one possible implementation, the analysis unit 203 may specifically be used to: obtain the corresponding fields from the login log according to preset parameters to be analyzed, and analyze the login log according to the fields obtained.
In one possible implementation, the preset parameters to be analyzed are any one or more of the following: login user, login source address, login destination address, login method, login time, login status.
In one possible implementation, the connection unit 201 may also connect to a bastion host and/or a jump server, and the acquiring unit 202 may also obtain the login logs on the bastion host and/or jump server.
For explanations of the concepts involved in the above apparatus that relate to the technical solution of the application, and for detailed descriptions and other steps, refer to the descriptions of these matters in the foregoing log analysis method or other embodiments; they are not repeated here.
Based on the same concept as the above embodiments, the application also provides a network device.
Fig. 3 is a structural diagram of a network device provided by the application. As shown in Fig. 3, the network device 300 includes:
a memory 301, for storing program instructions;
a processor 302, for calling the program instructions stored in the memory and executing, according to the obtained program, the log analysis method of any of the foregoing embodiments.
Based on the same concept as the above embodiments, the application also provides a computer storage medium. The computer-readable storage medium stores computer-executable instructions, which are used to make a computer execute the log analysis method of any of the foregoing embodiments.
It should be noted that the division into units in the application is schematic and is only a division by logical function; other divisions are possible in an actual implementation. The functional units in the application may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one module. The integrated unit may be implemented in hardware or as a software functional unit.
The above embodiments may be implemented wholly or partly in software, hardware, firmware or any combination of these. When implemented in software, they may be implemented wholly or partly as a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the flows or functions according to the application are produced in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network or another programmable device. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another; for example, they may be transmitted from one website, computer, server or data center to another website, computer, server or data center by wired means (such as coaxial cable, optical fiber or digital subscriber line (DSL)) or wireless means (such as infrared, radio or microwave). The computer-readable storage medium may be any usable medium that a computer can access, or a data storage device such as a server or data center that integrates one or more usable media. The usable medium may be a magnetic medium (for example, a floppy disk, hard disk or magnetic tape), an optical medium (for example, a DVD) or a semiconductor medium (for example, a solid state disk (SSD)).
Those skilled in the art should understand that the application may be provided as a method, a system or a computer program product. The application may therefore take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, the application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM and optical storage) containing computer-usable program code.
The application is described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to the application. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in them, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce an apparatus for implementing the functions specified in one or more flows of a flowchart and/or one or more blocks of a block diagram.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to work in a particular way, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction apparatus, the instruction apparatus implementing the functions specified in one or more flows of a flowchart and/or one or more blocks of a block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operating steps is executed on the computer or other programmable device to produce computer-implemented processing; the instructions executed on the computer or other programmable device thus provide steps for implementing the functions specified in one or more flows of a flowchart and/or one or more blocks of a block diagram.
Obviously, those skilled in the art can make various modifications and variations to the application without departing from its spirit and scope. If these modifications and variations fall within the scope of the claims of the application and their technical equivalents, the application is also intended to include them.

Claims (12)

1. A log analysis method, characterized by comprising:
an analysis server establishing connections with a plurality of application hosts respectively, the analysis server having been authorized for password-free login to the plurality of application hosts;
the analysis server obtaining the login logs on the plurality of application hosts respectively;
the analysis server analyzing the login logs.
2. The method of claim 1, characterized in that the analysis server establishing connections with a plurality of application hosts respectively comprises:
the analysis server determining, according to a destination host list, the application hosts whose login logs are to be analyzed, the destination host list being used to indicate the application hosts whose login logs are to be analyzed;
the analysis server connecting to the application hosts and logging in to the application hosts password-free.
3. The method of claim 2, characterized in that the method further comprises:
the analysis server sending a first command to a configuration management database, the configuration management database recording the configuration information of the application hosts, the first command being used to instruct the configuration management database to determine the destination host list according to the configuration information of the application hosts and to send the destination host list to the analysis server.
4. The method of claim 1, characterized in that the analysis server analyzing the login logs comprises:
the analysis server obtaining the corresponding fields from the login logs according to preset parameters to be analyzed;
the analysis server analyzing the login logs according to the fields.
5. The method of claim 4, characterized in that the preset parameters to be analyzed are any one or more of the following:
login user, login source address, login destination address, login mode, login time, login status.
6. An analysis server, characterized in that the analysis server has been authorized for password-free login to a plurality of application hosts, the analysis server comprising:
a connection unit, configured to establish connections with the plurality of application hosts respectively;
an acquiring unit, configured to obtain the login logs on the plurality of application hosts respectively;
an analysis unit, configured to analyze the login logs.
7. The analysis server of claim 6, characterized in that the connection unit is specifically configured to:
determine, according to a destination host list, the application hosts whose login logs are to be analyzed, the destination host list being used to indicate the application hosts whose login logs are to be analyzed;
connect to the application hosts and log in to the application hosts password-free.
8. The analysis server of claim 7, characterized in that the analysis server further comprises:
a transmission unit, configured to send a first command to a configuration management database, the configuration management database recording the configuration information of the application hosts, the first command being used to instruct the configuration management database to determine the destination host list according to the configuration information of the application hosts and to send the destination host list to the analysis server.
9. The analysis server of claim 6, characterized in that the analysis unit is specifically configured to:
obtain the corresponding fields from the login logs according to preset parameters to be analyzed;
analyze the login logs according to the fields.
10. The analysis server of claim 9, characterized in that the preset parameters to be analyzed are any one or more of the following:
login user, login source address, login destination address, login mode, login time, login status.
11. A computing device, characterized by comprising:
a memory, configured to store program instructions;
a processor, configured to call the program instructions stored in the memory and to execute, according to the obtained program, the method of any one of claims 1 to 5.
12. A computer-readable non-volatile storage medium, characterized by comprising computer-readable instructions which, when read and executed by a computer, cause the computer to execute the method of any one of claims 1 to 5.
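
Claims 4 and 5 describe extracting the fields for a preset set of parameters from the collected login logs and analyzing them. The following is an added example, not code from the patent: it assumes OpenSSH-style syslog lines, takes the syslog host name as the login destination address, and uses a failed-login threshold as the analysis; the log format, field names, threshold and sample lines are all constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in OpenSSH syslog format (an assumption; the
# claims do not fix a log format). Lines come from two application hosts.
SAMPLE_LOG = """\
May 13 09:01:12 app-host-01 sshd[2211]: Accepted publickey for deploy from 10.0.0.5 port 50122 ssh2
May 13 09:02:40 app-host-01 sshd[2230]: Failed password for invalid user admin from 10.0.9.77 port 40110 ssh2
May 13 09:02:43 app-host-01 sshd[2230]: Failed password for root from 10.0.9.77 port 40112 ssh2
May 13 09:02:47 app-host-02 sshd[1987]: Failed password for root from 10.0.9.77 port 40120 ssh2
May 13 09:05:02 app-host-02 sshd[1999]: Accepted password for alice from 10.0.0.8 port 51888 ssh2
May 13 09:05:03 app-host-02 sshd[1999]: pam_unix(sshd:session): session opened for user alice
"""

# One named group per parameter listed in claim 5 (names are hypothetical).
LINE_RE = re.compile(
    r"^(?P<login_time>\w{3}\s+\d+ \d{2}:\d{2}:\d{2}) (?P<destination>\S+) "
    r"sshd\[\d+\]: (?P<login_status>Accepted|Failed) (?P<login_mode>\S+) for "
    r"(?:invalid user )?(?P<login_user>\S+) from (?P<source>\S+) port \d+"
)

ALL_PARAMETERS = ("login_user", "source", "destination",
                  "login_mode", "login_time", "login_status")


def extract_fields(log_text, parameters=ALL_PARAMETERS):
    """Return one dict per login event, keeping only the preset parameters."""
    unknown = set(parameters) - set(ALL_PARAMETERS)
    if unknown:
        raise ValueError(f"unsupported parameters: {sorted(unknown)}")
    records = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:  # lines that are not login attempts are skipped
            records.append({p: m.group(p) for p in parameters})
    return records


def failed_sources(records, threshold=3):
    """Sources with at least `threshold` failed logins, summed over all hosts.

    Requires records that carry the "source" and "login_status" fields.
    """
    fails = Counter(r["source"] for r in records
                    if r["login_status"] == "Failed")
    return {src: n for src, n in fails.items() if n >= threshold}


if __name__ == "__main__":
    print(failed_sources(extract_fields(SAMPLE_LOG)))
```

The source 10.0.9.77 stays under the threshold on each host taken alone and is flagged only once the logs of both hosts are analyzed together.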

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910393108.4A CN110209562A (en) 2019-05-13 2019-05-13 A kind of log analysis method and Analysis server

Publications (1)

Publication Number Publication Date
CN110209562A true CN110209562A (en) 2019-09-06

Family

ID=67787160

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910393108.4A Pending CN110209562A (en) 2019-05-13 2019-05-13 A kind of log analysis method and Analysis server

Country Status (1)

Country Link
CN (1) CN110209562A (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110618977A (en) * 2019-09-12 2019-12-27 腾讯科技(深圳)有限公司 Login abnormity detection method and device, storage medium and computer equipment
CN110618977B (en) * 2019-09-12 2023-10-31 腾讯科技(深圳)有限公司 Login anomaly detection method, device, storage medium and computer equipment
CN111049671A (en) * 2019-11-08 2020-04-21 合肥宜拾惠网络科技有限公司 System integration method and device
CN112463725A (en) * 2020-11-19 2021-03-09 北京思特奇信息技术股份有限公司 Cloud architecture log file batch processing method and device and storage medium
CN112463725B (en) * 2020-11-19 2024-05-14 北京思特奇信息技术股份有限公司 Cloud architecture log file batch processing method, cloud architecture log file batch processing device and storage medium
CN113536304A (en) * 2021-08-04 2021-10-22 久盈世纪(北京)科技有限公司 Operation and maintenance audit system-based bypassing prevention method and equipment
CN113536304B (en) * 2021-08-04 2023-10-13 久盈世纪(北京)科技有限公司 Anti-detour method and equipment based on operation and maintenance audit system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination