CN110224858A - Alarm method and relevant apparatus based on log - Google Patents
Alarm method and relevant apparatus based on log Download PDFInfo
- Publication number
- CN110224858A CN110224858A CN201910405795.7A CN201910405795A CN110224858A CN 110224858 A CN110224858 A CN 110224858A CN 201910405795 A CN201910405795 A CN 201910405795A CN 110224858 A CN110224858 A CN 110224858A
- Authority
- CN
- China
- Prior art keywords
- alarm
- mentioned
- data
- equipment
- network equipment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/0631—Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/069—Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer And Data Communications (AREA)
- Alarm Systems (AREA)
Abstract
The embodiment of the invention discloses a kind of alarm method and relevant apparatus based on log, this method are suitable for safety management.This method comprises: the network equipment obtains the journal file that any terminal equipment is generated when being abnormal when detecting that any terminal equipment in each terminal device is abnormal;Journal file is carried out journal formatting processing by the network equipment, obtains the journal file with object format;The network equipment reads the daily record data in the journal file with object format, and obtains in daily record data for triggering the characteristic of abnormality alarming;The network equipment is based on characteristic and generates alarm instruction information, and alarm instruction information is sent to server, and indicate that server carries out the abnormality alarming of any terminal equipment.Using the embodiment of the present invention, the performance requirement of equipment and server can effectively reduce, the problem for avoiding equipment component agreement incompatible, while alarm speed can be promoted, flexibility is high, applied widely.
Description
Technical field
The present invention relates to field field of computer technology more particularly to a kind of alarm methods and related dress based on log
It sets.
Background technique
With the continuous development of science and technology, the utilization rate of business equipment is higher and higher, various device securities also by
Step is promoted.It is understood that the decline that equipment fault will cause integral device system ability to work even results in whole equipment
The paralysis of system.In order to quickly solve the risk and failure of equipment generation, the equipment state of each equipment is supervised in real time
Control, actively acquires alarm data by server when device fails and triggers alarm, and responds alert and by equipment simultaneously
Maintenance personnel takes corresponding processing solution.
However, existing alarm mode is higher to the performance requirement of equipment and server, and not due to equipment component agreement
It is compatible and lead to that alarm or response cannot be responded not in time, property loss is brought for device systems, alarm flexibility is not high, is applicable in
Property is low.
Summary of the invention
The embodiment of the present invention provides a kind of alarm method and relevant apparatus based on log, can reduce equipment and server
It can consume, solve the problems, such as that part vendor equipment agreement is incompatible, the alarm triggered time can be effectively reduced, flexibility is higher, fits
It is wide with range.
In a first aspect, the embodiment of the present invention provides a kind of alarm method based on log, this method comprises:
When detecting that any terminal equipment in each terminal device is abnormal, the network equipment obtains any of the above-described end
The journal file that end equipment is generated when being abnormal;
Above-mentioned journal file is carried out journal formatting processing by the above-mentioned network equipment, obtains the log text with object format
Part, wherein above-mentioned object format has after journal formatting is handled same for the journal file of above-mentioned each terminal device
One format;
The above-mentioned network equipment reads the daily record data in the above-mentioned journal file with object format, and obtains above-mentioned log
For triggering the characteristic of abnormality alarming in data;
The above-mentioned network equipment is based on features described above data and generates alarm instruction information, and above-mentioned alarm instruction information is sent
To server, and indicate that above-mentioned server carries out the abnormality alarming of any of the above-described terminal device.
In embodiments of the present invention, the log text generated when terminal device is abnormal is actively obtained using the network equipment
Part avoids and alerts delay as brought by collection of server journal file, effectively reduces the alarm triggered time.Each end simultaneously
The journal file that end equipment uniformly generates same object format can effectively solve the problems, such as that equipment component and related protocol are incompatible,
The scope of application of the embodiment of the present invention is expanded, flexibility is high.
With reference to first aspect, in a kind of possible embodiment, above-mentioned journal file is carried out day by the above-mentioned network equipment
Will formatting processing, obtains having the journal file of object format include:
The file data for the journal file that the above-mentioned network equipment generates any of the above-described terminal device when being abnormal with
File screening parameter is matched, and will be determined as target data with the file data of above-mentioned file screening parameter successful match;
The above-mentioned network equipment handles above-mentioned target data progress data format to obtain the data with object format, and
The journal file with object format is generated based on the above-mentioned data with object format.
In embodiments of the present invention, target data is gone out by file screening choice of parameters, can reduced with object format
The file size of journal file, and then file transmission time is reduced, while the performance consumption of the network equipment can also be further decreased,
Applicability is high.
With reference to first aspect, different for triggering in the above-mentioned above-mentioned daily record data of acquisition in a kind of possible embodiment
The characteristic often alerted includes:
The above-mentioned network equipment is based on default alarm attributes, and interception belongs to above-mentioned default alarm attributes from above-mentioned daily record data
Data segment, and above-mentioned data segment is determined as to be used to trigger the characteristic of abnormality alarming, wherein above-mentioned default alarm attributes
One or more combinations including grade, time, reason and position;
And/or the above-mentioned network equipment matches above-mentioned daily record data with default alarm attributes data segment, will with it is above-mentioned
The data segment of default alarm attributes data segment successful match is determined as the characteristic for triggering abnormality alarming, wherein above-mentioned
Default alarm attributes data segment is grade, time, reason and the one or more default alarms of position for describing alarm
The data segment of attribute;
Wherein, when features described above data include that the corresponding alarm of the corresponding alarm grade of above-mentioned grade, above-mentioned time occurs
Between stamp, one of the corresponding alarm equipment position of the corresponding alarm cause of above-mentioned reason and above-mentioned position or multiple combinations.
With reference to first aspect, in a kind of possible embodiment, the above-mentioned network equipment is generated based on features described above data
Alarm instruction information, and above-mentioned alarm instruction information is sent to server and includes:
The above-mentioned network equipment determines the corresponding data of features described above data based on the device type of any of the above-described terminal device
Label, above-mentioned data label receive the server of features described above data for determining;
The above-mentioned network equipment is based on features described above data and above-mentioned data label and generates alarm instruction information, and by above-mentioned announcement
Alert instruction information is sent to above-mentioned server.
It with reference to first aspect, include alarm grade letter in above-mentioned alarm instruction information in a kind of possible embodiment
Breath and warning information;The abnormality alarming that the above-mentioned above-mentioned server of instruction carries out any of the above-described terminal device includes:
The above-mentioned network equipment is based on above-mentioned alarm instruction information and indicates that above-mentioned server is based on above-mentioned alarm class information institute
The alarm grade of instruction determines the corresponding alarm mode of any of the above-described terminal device;The above-mentioned network equipment judges above-mentioned alarm grade
Whether default alarm grade is greater than;
If above-mentioned alarm grade is greater than default alarm grade, the above-mentioned network equipment indicates that above-mentioned server is based on above-mentioned announcement
Above-mentioned warning information is sent to alarm receiving device by police's formula;
If above-mentioned alarm grade is no more than default alarm grade, the above-mentioned network equipment is in the corresponding announcement of above-mentioned alarm grade
When alert frequency is more than or equal to preset times, indicate that above-mentioned server is based on above-mentioned alarm mode for above-mentioned warning information
It is sent to above-mentioned alarm receiving device;
Wherein, the warning information includes at least alarm event, alarm equipment mark, alarm equipment position, alarm transmission
Timestamp and alarm cause.
In embodiments of the present invention, whether being greater than default alarm grade by judging to alert grade decides whether instruction clothes
Business device sends a warning message, and can will preferentially alert higher ranked warning information and be sent to alarm receiving device.It also avoids simultaneously
The warning information of a large amount of inferior grades is sent to system consumption brought by alarm receiving device and high-grade alarm respond it is too late
When the case where occur, convenient for alarm receiving device alarm is managed.
With reference to first aspect, in a kind of possible embodiment, the above-mentioned above-mentioned server of instruction is based on above-mentioned alarm side
After above-mentioned warning information is sent to alarm receiving device by formula, the above method further include:
The above-mentioned network equipment indicates that above-mentioned server stores above-mentioned warning information into database to obtain standby message,
It include the warning information for removing one or more terminal device except any of the above-described terminal device in above-mentioned database;
When the warning information for showing and/or inquiring the target terminal equipment in above-mentioned each terminal device based on display equipment
When, indicate that above-mentioned server obtains the warning information of above-mentioned target terminal equipment and above-mentioned target is whole from above-mentioned standby message
The warning information of end equipment is exported to above-mentioned display equipment.
In embodiments of the present invention, after indicating that warning information is sent to alarm receiving device by server, the network equipment
Warning information can be stored into database, can based on the standby message in database correct, optimization enterprise there is currently phase
Like problem, for subsequent business equipment upgrading, so that the alarming processing speed and accuracy of enterprise can be improved, in time only
Damage.
Second aspect, the embodiment of the invention provides a kind of alarm device based on log, which includes:
Acquiring unit, for obtaining above-mentioned when detecting that any terminal equipment in each terminal device is abnormal
The journal file that any terminal equipment is generated when being abnormal;
Generation unit, the above-mentioned journal file for obtaining above-mentioned acquiring unit carry out journal formatting processing, obtain
Journal file with object format, wherein above-mentioned object format is that the journal file of above-mentioned each terminal device passes through log
The same format having after formatting processing;
Above-mentioned acquiring unit, for reading in the above-mentioned journal file with object format that above-mentioned generation unit obtains
Daily record data, and obtain in above-mentioned daily record data for triggering the characteristic of abnormality alarming;
Transmission unit generates alarm instruction information for being based on features described above data, and above-mentioned alarm instruction information is sent out
It send to server, and indicates that above-mentioned server carries out the abnormality alarming of any of the above-described terminal device.
In conjunction with second aspect, in a kind of possible embodiment, above-mentioned alarm device includes:
Processing unit, the file data of the journal file for generating any of the above-described terminal device when being abnormal with
File screening parameter is matched, and will be determined as target data with the file data of above-mentioned file screening parameter successful match;
Above-mentioned generation unit, for handling above-mentioned target data progress data format to obtain the number with object format
According to, and the journal file with object format is generated based on the above-mentioned data with object format.
In conjunction with second aspect, in a kind of possible embodiment, above-mentioned processing unit is used for:
Based on default alarm attributes, interception belongs to the data segment of above-mentioned default alarm attributes from above-mentioned daily record data, and
Above-mentioned data segment is determined as to be used to trigger the characteristic of abnormality alarming, wherein above-mentioned default alarm attributes include grade, when
Between, one or more combinations of reason and position;
And/or match above-mentioned daily record data with default alarm attributes data segment, it will be with above-mentioned default alarm attributes
The data segment of data segment successful match is determined as the characteristic for triggering abnormality alarming, wherein above-mentioned default alarm attributes
Data segment is for describing the grade of alarm, time, reason and the data segment of one or more default alarm attributes of position;
Wherein, when features described above data include that the corresponding alarm of the corresponding alarm grade of above-mentioned grade, above-mentioned time occurs
Between stamp, one of the corresponding alarm equipment position of the corresponding alarm cause of above-mentioned reason and above-mentioned position or multiple combinations.
In conjunction with second aspect, in a kind of possible embodiment, above-mentioned processing unit is used for:
The corresponding data label of features described above data, above-mentioned data are determined based on the device type of any of the above-described terminal device
Label receives the server of features described above data for determining;
Above-mentioned generation unit, for generating alarm instruction information based on features described above data and above-mentioned data label, and will
Above-mentioned alarm instruction information is sent to above-mentioned server.
It include alarm grade letter in above-mentioned alarm instruction information in a kind of possible embodiment in conjunction with second aspect
Breath and warning information;Above-mentioned indicating unit, for indicating that above-mentioned server is based on above-mentioned alarm based on above-mentioned alarm instruction information
Alarm grade indicated by class information determines the corresponding alarm mode of any of the above-described terminal device;
Above-mentioned alarm device includes:
Judging unit, for judging whether above-mentioned alarm grade is greater than default alarm grade;
Above-mentioned indicating unit, for indicating that above-mentioned server is based on when above-mentioned alarm grade is greater than default alarm grade
Above-mentioned warning information is sent to alarm receiving device by above-mentioned alarm mode;
Above-mentioned indicating unit is used for when above-mentioned alarm grade is no more than default alarm grade, in above-mentioned alarm grade pair
When the alarm frequency answered is more than or equal to preset times, indicate that above-mentioned server is based on above-mentioned alarm mode for above-mentioned announcement
Alert information is sent to above-mentioned alarm receiving device;
Wherein, the warning information includes at least alarm event, alarm equipment mark, alarm equipment position, alarm transmission
Timestamp and alarm cause.
In conjunction with second aspect, in a kind of possible embodiment, above-mentioned alarm device further include:
Storage unit is also used to indicate that above-mentioned server stores above-mentioned warning information into database to obtain spare letter
It ceases, includes the warning information for removing one or more terminal device except any of the above-described terminal device in above-mentioned database;
Above-mentioned acquiring unit is also used to work as the mesh for being shown and/or being inquired based on display equipment in above-mentioned each terminal device
When marking the warning information of terminal device, indicate that above-mentioned server obtains the announcement of above-mentioned target terminal equipment from above-mentioned standby message
Alert information simultaneously exports the warning information of above-mentioned target terminal equipment to above-mentioned display equipment.
In embodiments of the present invention, differentiated control can be realized to alarm based on the modules in alarm device, can be based on
Different alarm modes can determine the alarm grade of equipment.Log text by generating each terminal device when abnormal simultaneously
Part is formatted processing and obtains the journal file of same object format, not only facilitates the alarm management of alarm receiving device,
Also reduce the performance loss of alarm receiving device, the response speed and the efficiency of management of significant increase alarm, applicability is higher.
The third aspect, the embodiment of the invention provides a kind of network equipment, which includes processor and memory,
The processor and memory are connected with each other.The memory for store support the target device execute above-mentioned first aspect and/or
The computer program for the method that any possible implementation of first aspect provides, which includes program instruction,
The processor is configured for calling above procedure instruction, executes above-mentioned first aspect and/or first aspect is any possible
Method provided by embodiment.
Fourth aspect, the embodiment of the invention provides a kind of computer readable storage medium, the computer-readable storage mediums
Matter is stored with computer program, which includes program instruction, which makes at this when being executed by a processor
It manages device and executes method provided by above-mentioned first aspect and/or any possible embodiment of first aspect.
In embodiments of the present invention, under different application scenarios and equipment selection, terminal device and terminal be can avoid
The incompatible situation of agreement in equipment greatly reduces the performance requirement that alarm receiving device receives warning information, so that alarm
Response speed is further promoted.It is that terminal device matches different alarm modes by different alarm grades, alarm is received and set
The standby alarm grade that terminal device can be directly determined based on different alarm modes can take difference for different alarm grades
Alarm responsive measures.Whether it is greater than default alarm grade by judging to alert grade to decide whether to send a warning message, it can
Higher ranked warning information will preferentially be alerted and be sent to alarm receiving device.The alarm letter of a large amount of inferior grades is also avoided simultaneously
The case where breath is sent to system consumption brought by alarm receiving device and high-grade alarm response not in time appearance, convenient for alarm
Receiving device is managed alarm.
Detailed description of the invention
It to describe the technical solutions in the embodiments of the present invention more clearly, below will be to needed in the embodiment
Attached drawing is briefly described, it should be apparent that, drawings in the following description are only some embodiments of the invention.For ability
For the those of ordinary skill of domain, without creative efforts, it can also be obtained according to these attached drawings other attached
Figure.
Fig. 1 is the flow diagram of the alarm method provided in an embodiment of the present invention based on log;
Fig. 2 is the structural schematic diagram of the alarm device provided in an embodiment of the present invention based on log;
Fig. 3 is the structural schematic diagram of the network equipment provided in an embodiment of the present invention.
Specific embodiment
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete
Site preparation description, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.It is based on
Embodiment in the present invention, it is obtained by those of ordinary skill in the art without making creative efforts every other
Embodiment shall fall within the protection scope of the present invention.
Alarm method provided in an embodiment of the present invention based on log is widely portable to by various different models of equipment structures
At equipment alarm system in.The network equipment carries out lattice by the journal file for generating each terminal device when being abnormal
Formula handles to obtain the journal file of unified goal format, and by its active reporting to server can effectively reduce alarm time and
The performance consumption of server, while agreement brought by the avoidable distinct device of journal file of identical object format is incompatible
Problem, alarm flexibility is high, applied widely.
Below in conjunction with Fig. 1 to Fig. 3 respectively to the alarm method provided in an embodiment of the present invention based on log and related dress
It sets and is described in detail.
It is the flow diagram of the alarm method provided in an embodiment of the present invention based on log referring to Fig. 1, Fig. 1.The present invention
The alarm method based on log that embodiment provides may include following steps S11-S14:
S11, when detecting that any terminal equipment in each terminal device is abnormal, the network equipment obtains above-mentioned
The journal file that one terminal device is generated when being abnormal.
In some possible embodiments, above-mentioned terminal device equipment includes but is not limited to computer, server, movement
Terminal, interchanger, router, modem, gate inhibition, uninterruptible power supply (Uninterruptible Power Supply,
UPS), monitoring, camera etc. can specifically be determined, herein not based on the equipment of transmitted data on network according to practical application scene
It is limited.
In some possible embodiments, since above-mentioned each terminal device can all generate log in the process of running
The working condition of terminal device itself is recorded, therefore can be abnormal detecting any terminal equipment in each terminal device
When, the network equipment can directly acquire the journal file that any of the above-described terminal device is generated when being abnormal.At this point, the log is literary
The data recorded in part are abnormal data of any of the above-described terminal device when being abnormal, that is to say, that above-mentioned network is set at this time
It include the exception information of any of the above-described terminal device in the standby journal file obtained.It can be appreciated that by checking above-mentioned log text
Part can understand the software and hardware information of any of the above-described terminal device in time, check the mistake in configuration process and the original of mistake generation
Cause.It therefore, can be by including but is not limited to nothing for the ease of carrying out centralized collection and unified management, the network equipment to journal file
The modes such as gauze network, bluetooth and cellular mobile network obtain the abnormal letter that any of the above-described terminal device is generated when being abnormal
Breath.It is understood that actively obtaining the journal file generated when any of the above-described terminal device is abnormal using the network equipment
Both server will not be impacted, the performance of above-mentioned each terminal device will not be influenced, while can effectively shortened in acquisition
State the time for the journal file that any terminal is generated when being abnormal.It should be strongly noted that any of the above-described terminal device
The exception of generation can be terminal device in the operation of including but not limited to interface logic, interface calling, data filtering, data configuration
The software class generated Deng during is abnormal, is also possible to hardware classes (physics) failure that terminal device generates in the process of running,
It can specifically be determined according to practical application scene, herein with no restrictions.Meanwhile the network equipment can be to the fortune of above-mentioned each terminal device
Market condition is measured in real time, and when any terminal equipment is abnormal in above-mentioned each terminal device, obtains any of the above-described end
The journal file that end equipment is generated when being abnormal can not also carry out the operating condition of above-mentioned each terminal device real-time
Detection is occurred different when any terminal equipment in above-mentioned each terminal device is abnormal based on any of the above-described terminal device
Exception information triggering network equipment when often obtains the journal file that any of the above-described terminal device is generated when being abnormal, specifically
It can be determined according to practical application scene, herein with no restrictions.
Above-mentioned journal file is carried out journal formatting processing by S12, the above-mentioned network equipment, obtains the day with object format
Will file, wherein above-mentioned object format is that the journal file of above-mentioned each terminal device has after journal formatting is handled
Same format.
In some possible embodiments, the network equipment is after getting above-mentioned journal file, in order to improve above-mentioned day
Above-mentioned journal file can be carried out journal formatting processing to obtain having the journal file of object format by the transmission speed of will.
It should be strongly noted that above-mentioned object format is the journal file of above-mentioned each terminal device after journal formatting is handled
The same format having, that is to say, that the format that the network equipment carries out journal formatting treated journal file is same lattice
Formula.Wherein, above-mentioned journal formatting can be realized by format converter tools, can also pass through blas in the network equipment or control
Part realization, herein with no restrictions.
In some possible embodiments, due to journal file that any of the above-described terminal device is generated when being abnormal
In will include a large amount of unnecessary informations, in order to ensure the network equipment upload journal file capacity it is as small as possible with promotes transmit
Speed, the network equipment can be further processed above-mentioned journal file after getting above-mentioned journal file.That is the network equipment
File data and file screening the parameter progress for the journal file that any of the above-described terminal device can be generated when being abnormal
Match, target data will be determined as with the file data of above-mentioned file screening parameter successful match.The network equipment and then can will be above-mentioned
Target data carries out data format and handles to obtain the data with object format, and based on the above-mentioned data with object format
Generate the journal file with object format.It can be appreciated that the object format in the above-mentioned data with object format is above-mentioned
The same format that target data in the log of each terminal device has after data formatization processing.Wherein, above-mentioned number
It can be realized by format converter tools, data processing tools according to formatting, blas in the network equipment or control can also be passed through
Part realization, herein with no restrictions.Wherein, above-mentioned target data may include failure and/or loophole and/or optimization and/or warning
And/or the file data in the journal file of important informations such as abnormal, above-mentioned file screening parameter include historical data search note
File screening parameter and/or user-defined file screening parameter in record, the form of file screening parameter can be keyword and/or
Keyword and/or character string and/or service type and/or problem types etc. can specifically determine, herein according to practical application scene
With no restrictions.
It should be noted that the network equipment is during carrying out practically, according to practical application scene and physical end
The different journal file modes for obtaining having object format can be used in equipment, journal file directly can be carried out journal format
Change handles to obtain the journal file with object format, can also carry out screening to the file data in journal file and obtain number of targets
There is the journal file of object format according to generation in turn.But the above two log for obtaining that there is object format is used at the same time
During the mode of file, the above-mentioned object format finally obtained is same format, and above-mentioned object format includes but unlimited
In common formats such as TXT, XML, TIF and TMP, herein with no restrictions.For example, when above-mentioned object format is TXT format, by
In the data of TXT format and the journal file more light weight of TXT format, and then the journal file with TXT format can be promoted
Transmission rate so that response alarm timeliness it is shorter.Further, since the compatible institute of journal file with TXT format
Have a vendor equipment, thus can avoid the agreement incompatibility problem due to caused by the distinct device of different vendor and in turn caused by
The problems such as alarm failure, applicability is higher.
S13, the above-mentioned network equipment read the daily record data in the above-mentioned journal file with object format, and obtain above-mentioned
For triggering the characteristic of abnormality alarming in daily record data.
In some possible embodiments, number is alerted in order to enable server to receive the related of network equipment transmission rapidly
According to, and then the speed of equipment alarm is improved, the above-mentioned network equipment, can be right after obtaining the above-mentioned journal file with object format
The above-mentioned journal file with object format carries out further data processing to reduce data volume.In the specific implementation, above-mentioned network
Device-readable takes the daily record data in the above-mentioned journal file with object format, and then obtains and be used for from above-mentioned daily record data
Trigger the characteristic of abnormality alarming.Optionally, the above-mentioned network equipment can be intercepted from above-mentioned daily record data belongs to default alarm
At least one data segment of attribute, wherein above-mentioned default alarm attributes includes grade, time, reason and one kind of position or more
Kind combination, at least one data segment being truncated at this time are the characteristic for triggering abnormality alarming.Optionally, above-mentioned network
Equipment can also match above-mentioned daily record data with default alarm attributes data segment, will be with above-mentioned default alarm attributes data
The data segment of section successful match is determined as the characteristic for triggering abnormality alarming.Wherein, above-mentioned default alarm attributes data
Section for for describe to alert grade, the time, reason and one or more default alarm attributes of position data segment, it is above-mentioned
Matching way includes but is not limited to string matching algorithm, regular expression and the matching process realized based on custom function
Deng herein with no restrictions.It is not difficult to find out from above-mentioned implementation, the characteristic obtained based on above-mentioned implementation includes above-mentioned
The corresponding alarm time stamp of level attributed corresponding alarm grade, above-mentioned time attribute, the corresponding alarm of above-mentioned reason attribute are former
One of cause and the corresponding alarm equipment position of above-mentioned position attribution or multiple groups are closed.
S14, the above-mentioned network equipment are based on features described above data and generate alarm instruction information, and above-mentioned alarm is indicated information
It is sent to server, and indicates that above-mentioned server carries out the abnormality alarming of any of the above-described terminal device.
In some possible embodiments, since the data volume of server itself processing is larger, in order to reduce server
Operating load, alarm failure caused by the data error that may cause when server process characteristic is avoided, from above-mentioned
After obtaining features described above data in journal file with object format, the above-mentioned network equipment features described above data can be made into
The processing of one step.Optionally, when features described above data volume is larger, it is above-mentioned to reduce compression processing can be carried out to features described above data
Characteristic amount, and then promote data transmission bauds.Optionally, during obtaining features described above data, it is likely to be obtained phase
Same characteristic, therefore after getting features described above data, the above-mentioned network equipment can be based on data screening algorithm, data
The modes such as screening implement carry out data cleansing to features described above data, with go in features described above data duplicate characteristic and
Invalid data in features described above data, specific screening mode is herein with no restrictions.
In some possible embodiments, after obtaining features described above data, the above-mentioned network equipment can be according to above-mentioned
The data source of characteristic, the i.e. device type of the corresponding terminal device of features described above data determine a data label, should
Label includes but is not limited to one or more combinations of number, letter and character.When the number generated for processing terminal equipment
According to server it is restricted when, i.e., different servers handle respectively different terminal equipment generation data when, can be based at this time
Above-mentioned data label determines device type corresponding to the corresponding terminal device of features described above data.That is, above-mentioned data
Label can be used for determining that the server for receiving features described above data (for convenience of describing, can be carried out by taking destination server as an example below
Illustrate).Optionally, in order to promote message transmission rate, while features described above data being received convenient for above-mentioned destination server
Data processing rate is promoted later, and features described above data and above-mentioned data label can be generated alarm instruction letter by the above-mentioned network equipment
It ceases and then above-mentioned alarm instruction information is sent to destination server, to reduce features described above data and above-mentioned data mark
Data error caused by label while transmission.Wherein it is possible to by features described above data and above-mentioned data label according to default arrangement group
Conjunction mode is combined to obtain a data segment, is sent to destination service for obtain data segment as alarm instruction information
Device, the wherein arrangement of the arrangement mode of multiple data segments of features described above data and features described above data and above-mentioned data label
Mode can determine by actual scene, herein with no restrictions.Data packet Core Generator be may be based on by features described above data and above-mentioned
Data label carries out data processing and obtains data packet, that is to say, that can be by features described above data and above-mentioned data label with data packet
Form as alarm instruction information be sent to destination server.Features described above data and above-mentioned data label can also be encapsulated
For message, destination server is sent to using message as alarm instruction information, and specific implementation is herein with no restrictions.Need spy
It does not mentionlet alone bright, includes alarm class information and warning information in the above-mentioned alarm instruction information that the above-mentioned network equipment generates.Its
In, above-mentioned alarm class information includes corresponding alarm grade in features described above data, and above-mentioned alarm class information is for determining
Alarm mode corresponding to any of the above-described terminal device, wherein, the warning information includes at least alarm thing to above-mentioned warning information
Part, alarm equipment mark, alarm equipment position, alarm sending time stamp and alarm cause etc., appeal warning information can describe
All Novel presentations when any of the above-described terminal device occurs out.
In some possible embodiments, above-mentioned alarm instruction information is based in the above-mentioned network equipment indicate above-mentioned target
When above-mentioned warning information is sent to above-mentioned alarm receiving device by server, the network equipment can be based in above-mentioned alarm instruction information
The alarm class information for including indicates that above-mentioned destination server is determined based on alarm grade indicated by above-mentioned alarm class information
The corresponding alarm mode of above-mentioned target device, and indicate that above-mentioned destination server is based on above-mentioned announcement based on above-mentioned alarm instruction information
Above-mentioned warning information is sent to above-mentioned alarm receiving device by police's formula.The alarm mode that i.e. network equipment can be different is distinguished not
Alarm grade with terminal device is stopped loss in time with taking different emergency responses.Wherein, the distribution of above-mentioned alarm grade can
It is determined according to practical application scene, such as since device category is relatively simple in normal office region, it can be by above-mentioned alarm etc.
Grade is divided into the first alarm grade and the second alarm grade, in the computer room where Core server, since calculator room equipment is relatively attached most importance to
It wants and device category is more, trade company can be alerted to grade and be divided into the first alarm grade to the 8th alarm grade, to realize to computer room
The alarm grade of interior armamentarium distinguishes, herein with no restrictions.It should be strongly noted that above-mentioned alarm mode include but
It is not limited to phone, mail, system push etc., herein with no restrictions.
In some possible embodiments, if above-mentioned alarm grade is the first alarm grade, the network equipment is based on upper
It states on alarm instruction information indicates that corresponding first alarm mode of above-mentioned first alarm grade is determined as by above-mentioned destination server
State the corresponding target alarms mode of any terminal equipment.If above-mentioned alarm grade is the second alarm grade, the network equipment is based on
Above-mentioned alarm instruction information indicates that corresponding second alarm mode of above-mentioned second alarm grade is determined as by above-mentioned destination server
The corresponding target alarms mode of any of the above-described terminal device.Wherein, the alarm instantaneity of above-mentioned first alarm mode is higher than above-mentioned
The alarm instantaneity of second alarm mode, and above-mentioned first alarm mode is different from above-mentioned second alarm mode.It needs to say herein
Bright, above-mentioned alarm grade not only only includes the first alarm grade and the second alarm grade, may also comprise other grades
Grade is alerted, can specifically be determined according to practical application scene, herein with no restrictions.For example, in a certain computer room
For the network equipment, alarm caused by core layer network device, since a minor issue this may result in the paralysis of whole network
Paralysis, the network equipment can indicate alarm grade of the above-mentioned destination server by core layer network device based on above-mentioned alarm instruction information
It is determined as the first alarm grade and its alarm mode is arranged to be to pass through warning by telephone.For being accused caused by convergence layer network device
Alert, since convergence layer network device is the convergent point of more access layer network equipment, the network equipment is based on above-mentioned alarm instruction letter
Breath can indicate that the alarm grade for converging layer network device is determined as the second alarm grade by above-mentioned destination server, and its announcement is arranged
Police's formula is to pass through short message alarm.And for access layer network equipment, since access layer is to provide for user in local network
The ability of section access application system, the network equipment, which is based on above-mentioned alarm instruction information, can indicate above-mentioned destination server by access layer
The alarm grade of equipment is determined as third alarm grade, and its alarm mode, which is arranged, to be alerted by mail.Wherein, warning by telephone
Alarm instantaneity be higher than the alarm instantaneity of short message alarm, the alarm instantaneity of short message alarm is higher than the alarm that mail alerts and is
Shi Xing can specifically be determined, herein with no restrictions according to practical application scene.
In some possible embodiments, up to ten thousand equipment may be runed in application scenes simultaneously, therefore i.e.
Make to be to just look at each equipment belonged in a certain identical alarm grade in synchronization and/or the generation within certain a period of time
The quantity of warning information is also very large, and the same fault severity level for alerting each terminal device in grade is also different
Sample.At this point, if the network equipment based on above-mentioned alarm instruction information to indicate that above-mentioned destination server generates above equipment every
One warning information is all immediately sent to alarm receiving device, then the difficulty and workload of plant maintenance are also very huge
's.Therefore, for the warning information of fault degree very little, selectable delay alarm.
In some possible embodiments, in practical applications, when alerting grade is Level 1Alarming, it may be determined that equipment
Occur catastrophe failure or gross mistake at runtime, then the network equipment, which is based on above-mentioned alarm instruction information, can indicate above-mentioned mesh
Mark server is connect by the way that warning information is sent to corresponding alarm immediately in a manner of the corresponding target alarms of above-mentioned alarm grade
Receiving unit, to check terminal equipment failure in time after receiving warning information.When alerting grade is second level alarm, usual table
Although error event has occurred in bright equipment, but still continuing to run for system is not influenced, at this point, the network equipment statistics available end
End equipment generates the number of second level alarm, when the number of second level alarm is more than or equal to the preset times of second level alarm, net
Network equipment, which is based on above-mentioned alarm instruction information, can indicate that above-mentioned destination server alerts corresponding target alarms mode by second level
Warning information is sent to corresponding alarm receiving device.When alerting grade is three-level alarm, generally indicate that terminal device can
Latent fault can occur, at this point, the statistics available terminal device of the network equipment generates the number of three-level alarm, when three-level alarm
When alerting preset times of the number more than or equal to three-level alarm, the network equipment, which is based on above-mentioned alarm instruction information, to be indicated
It states destination server corresponding target alarms mode is alerted by three-level and warning information is sent to corresponding alarm receiving device.
Wherein, the alarm preset times of above-mentioned alarm at different levels can be identical, can also be different, with specific reference to practical application scene
It determines, herein with no restrictions.It is understood that network is set when the alarm number of any rank alarm is less than preset times
It is standby to indicate that above-mentioned destination server issues warning information based on above-mentioned alarm instruction information, pass through the side of delay alarm
Formula can greatly reduce the alarm quantity that alarm receiving device receives, and avoid a large amount of repetition and alert.
Under normal circumstances, when alerting grade is Level 1Alarming, since alarm event is the most serious, the network equipment is based on
Above-mentioned alarm instruction information can indicate above-mentioned destination server to corresponding first alarm of Level 1Alarming matching the first alarm grade
Mode is to ensure that such Level 1Alarming can be responded with highest instantaneity and take corresponding responsive measures.When alarm grade is two
When grade alarm, the network equipment, which is based on above-mentioned alarm, can indicate that information indicates that above-mentioned destination server accuses second level alarm matching second
Corresponding second alarm mode of police's grade is alerted and is adopted with the such second level of the lower instantaneity response of the first alarm mode with opposite
Corresponding responsive measures are taken, and so on, details are not described herein for other alarm grades.It should be strongly noted that specific accuse
The corresponding alarm mode of police's grade can be determined according to practical application scene.Such as it is only needed under certain scene due to actual demand
Corresponding second alarm mode of the second alarm grade is matched to Level 1Alarming, that is to say, that the second alarm grade is corresponding
The warning information that second alarm mode can meet Level 1Alarming at this time sends instantaneity and sending method, other alarm grades
If second level alarm can match corresponding first alarm mode of the first alarm grade under certain specific demand, timeliness can also be matched
Lower alarm mode, herein with no restrictions.
Optionally, in some possible embodiments, the network equipment can also be by by the alarm grade of terminal device
It is compared with predetermined level, determines whether above-mentioned alarm grade is greater than predetermined level.If above-mentioned alarm grade is no more than default
Grade, the network equipment indicate above-mentioned when the corresponding alarm frequency of above-mentioned alarm grade is more than or equal to preset times
Destination server is based on above-mentioned alarm mode and above-mentioned warning information is sent to above-mentioned alarm receiving device.When above-mentioned alarm grade
When the number of generation is more than or equal to preset times, the above-mentioned network equipment indicates that above-mentioned destination server is based on above-mentioned alarm side
Above-mentioned warning information is sent to alarm receiving device by formula.It is understood that when the number that above-mentioned alarm grade occurs is less than
When preset times, the above-mentioned network equipment will not indicate that above-mentioned destination server sending warning information in this way can also
Greatly reduce the alarm quantity that alarm receiving device receives, avoids a large amount of repetition and alert.
In some possible embodiments, when network equipment instruction server is based on above-mentioned alarm mode for warning information
When being sent to alarm receiving device with text mode, the detailed equipment position of terminal device can be shown in alarm equipment front end page
It sets, significance level, failure and/or risk reason, device type and device parameter etc., herein with no restrictions.So as to base
The details of alarm equipment are got information about in further detail in the information of displaying, convenient for taking accordingly based on above-mentioned warning information
Emergency response measure.
In the specific implementation, the network equipment can indicate server according to present terminal equipment after terminal device alerts
Significance level send different warning information, can generate warning information first time automatically confirm that locating for alarm equipment
Position facilitates enterprise work personnel to position alarm equipment in time, takes emergency response measure.Announcement is not retransmited after alerting and releasing
Alert information, while can be by the location information of alarm equipment, alarm cause, significance level and the emergency response measure taken etc.
It feeds back in related system database.It is whole when showing and/or inquiring the target in above-mentioned each terminal device based on display equipment
When the warning information of end equipment, the network equipment can obtain the warning information of above-mentioned target terminal equipment simultaneously from above-mentioned standby message
The warning information of above-mentioned target terminal equipment is exported to above-mentioned display equipment., can correct, optimize enterprise there is currently it is similar
Problem, for subsequent business equipment upgrading, so that the alarming processing speed and accuracy of enterprise can be improved, in time only
Damage.Herein it should be noted that after equipment alerts, the timeliness of system response alarm is triggered with second grade, response speed
The response speed of degree significantly larger than nowadays conventional alarm mode, while can also be sent warning information to pair with identical timeliness
Answer enterprise work personnel.In the case where the timeliness of response alarm and transmitting warning information is triggered with second grade, substantially reduce
Alarm occurs from equipment and is transmitted to the time consumed by enterprise work personnel to warning information, so that enterprise can adopt at the first time
Take emergency response measure.Business processes equipment alarm is not only facilitated, can more prevent from being alerted for a long time not by terminal device in time
Possible serious consequence can be resolved.
In embodiments of the present invention, under different application scenarios and equipment selection, terminal device and terminal be can avoid
The incompatible situation of agreement in equipment greatly reduces the performance requirement that alarm receiving device receives warning information, alarm response speed
Degree is further promoted.It is that terminal device matches different alarm modes by different alarm grades, alarm receiving device can base
The alarm grade of terminal device is directly determined in different alarm modes, different alarms can be taken for different alarm grades
Responsive measures.Whether be greater than default alarm grade by judging to alert grade to decide whether to send a warning message, can preferentially by
It alerts higher ranked warning information and is sent to alarm receiving device.The warning information for also avoiding a large amount of inferior grades simultaneously is sent
The case where to system consumption brought by alarm receiving device and high-grade alarm response not in time, occurs, and receives and sets convenient for alarm
It is standby that alarm is managed.
Referring to fig. 2, Fig. 2 is the structural schematic diagram of the alarm device provided in an embodiment of the present invention based on log.The present invention
Embodiment provide the alarm device based on log include:
Acquiring unit 21, for when detecting that any terminal equipment in each terminal device is abnormal, in acquisition
State the journal file that any terminal equipment is generated when being abnormal;
Generation unit 22, the above-mentioned journal file for obtaining above-mentioned acquiring unit 21 carry out journal formatting processing,
Obtain the journal file with object format, wherein above-mentioned object format is that the journal file of above-mentioned each terminal device passes through
The same format having after journal formatting processing;
Above-mentioned acquiring unit 21, for reading in the above-mentioned journal file with object format that above-mentioned generation unit obtains
Daily record data, and obtain in above-mentioned daily record data for triggering the characteristic of abnormality alarming;
Above-mentioned alarm for generating alarm instruction information based on features described above data, and is indicated information by transmission unit 23
It is sent to server, and indicates that above-mentioned server carries out the abnormality alarming of any of the above-described terminal device.
In some possible embodiments, above-mentioned alarm device includes:
Processing unit 24, the file data of the journal file for generating any of the above-described terminal device when being abnormal
It is matched with file screening parameter, target data will be determined as with the file data of above-mentioned file screening parameter successful match;
Above-mentioned generation unit 22 has object format for handling to obtain above-mentioned target data progress data format
Data, and the journal file with object format is generated based on the above-mentioned data with object format.
In some possible embodiments, above-mentioned processing unit 24 is used for:
Based on default alarm attributes, interception belongs to the data segment of above-mentioned default alarm attributes from above-mentioned daily record data, and
Above-mentioned data segment is determined as to be used to trigger the characteristic of abnormality alarming, wherein above-mentioned default alarm attributes include grade, when
Between, one or more combinations of reason and position;
And/or match above-mentioned daily record data with default alarm attributes data segment, it will be with above-mentioned default alarm attributes
The data segment of data segment successful match is determined as the characteristic for triggering abnormality alarming, wherein above-mentioned default alarm attributes
Data segment is for describing the grade of alarm, time, reason and the data segment of one or more default alarm attributes of position;
Wherein, when features described above data include that the corresponding alarm of the corresponding alarm grade of above-mentioned grade, above-mentioned time occurs
Between stamp, one of the corresponding alarm equipment position of the corresponding alarm cause of above-mentioned reason and above-mentioned position or multiple combinations.
In some possible embodiments, above-mentioned processing unit 24 is used for:
The corresponding data label of features described above data, above-mentioned data are determined based on the device type of any of the above-described terminal device
Label receives the server of features described above data for determining;
Above-mentioned generation unit 22, for generating alarm instruction information based on features described above data and above-mentioned data label, and
Above-mentioned alarm instruction information is sent to above-mentioned server.
It in some possible embodiments, include alarm class information and warning information in above-mentioned alarm instruction information;
Above-mentioned indicating unit 25, for indicating that above-mentioned server is based on above-mentioned alarm grade based on above-mentioned alarm instruction information
Alarm grade indicated by information determines the corresponding alarm mode of any of the above-described terminal device;
Above-mentioned alarm device includes:
Judging unit 26, for judging whether above-mentioned alarm grade is greater than default alarm grade;
Above-mentioned indicating unit 25, for indicating above-mentioned server base when above-mentioned alarm grade is greater than default alarm grade
Above-mentioned warning information is sent to alarm receiving device in above-mentioned alarm mode;
Above-mentioned indicating unit 25 is used for when above-mentioned alarm grade is no more than default alarm grade, in above-mentioned alarm grade
When corresponding alarm frequency is more than or equal to preset times, indicate that above-mentioned server will be above-mentioned based on above-mentioned alarm mode
Warning information is sent to above-mentioned alarm receiving device;
Wherein, the warning information includes at least alarm event, alarm equipment mark, alarm equipment position, alarm transmission
Timestamp and alarm cause.
In some possible embodiments, above-mentioned alarm device further include:
It is spare to obtain to be also used to indicate that above-mentioned server stores above-mentioned warning information into database for storage unit 27
Information includes the alarm letter for removing one or more terminal device except any of the above-described terminal device in above-mentioned database
Breath;
Above-mentioned acquiring unit 21 is also used to show and/or inquire in above-mentioned each terminal device when based on display equipment
When the warning information of target terminal equipment, indicate that above-mentioned server obtains above-mentioned target terminal equipment from above-mentioned standby message
Warning information simultaneously exports the warning information of above-mentioned target terminal equipment to above-mentioned display equipment.
In the specific implementation, above-mentioned apparatus can be executed as provided by each step of figure 1 above by the modules built in it
Implementation.For example, above-mentioned acquiring unit 21 can be used for detect that any terminal equipment generation in each terminal device is different
Chang Shi obtains the journal file and other implementations that any of the above-described terminal device is generated when being abnormal, and for details, reference can be made to above-mentioned
Implementation provided by each step, details are not described herein.Above-mentioned generation unit 22 can be used for obtaining above-mentioned acquiring unit 21
The above-mentioned journal file taken carries out journal formatting processing, obtains having journal file of object format and other implementations, specifically
It can be found in implementation provided by above-mentioned each step, details are not described herein.Above-mentioned transmission unit 23 can be used for based on above-mentioned
Characteristic generate alarm instruction information, and by above-mentioned alarm instruction information be sent to server, and indicate above-mentioned server into
The abnormality alarming and other implementations of any of the above-described terminal device of row, for details, reference can be made to realization sides provided by above-mentioned each step
Formula, details are not described herein.The log that above-mentioned processing unit 24 can be used for generating any of the above-described terminal device when being abnormal
The file data of file is matched with file screening parameter, will be true with the file data of above-mentioned file screening parameter successful match
It is set to target data and other implementations, for details, reference can be made to implementations provided by above-mentioned each step, and details are not described herein.On
Stating indicating unit 25 can be used for indicating that above-mentioned server is based on above-mentioned alarm when above-mentioned alarm grade is greater than default alarm grade
Above-mentioned warning information is sent to alarm receiving device and other implementations by mode, and for details, reference can be made to provided by above-mentioned each step
Implementation, details are not described herein.Above-mentioned judging unit 26 can be used for judging whether above-mentioned alarm grade is greater than default alarm etc.
Grade and other implementations, for details, reference can be made to implementations provided by above-mentioned each step, and details are not described herein.Said memory cells
27, which may be used to indicate above-mentioned server, stores above-mentioned warning information into database to obtain standby message and other implementations, tool
Body can be found in implementation provided by above-mentioned each step, and details are not described herein.
In embodiments of the present invention, differentiated control can be realized to alarm based on the modules in alarm device, can be based on
Different alarm modes can determine the alarm grade of equipment.Log text by generating each terminal device when abnormal simultaneously
Part is formatted processing and obtains the journal file of same object format, not only facilitates the alarm management of alarm receiving device,
Also reduce the performance loss of alarm receiving device, the response speed and the efficiency of management of significant increase alarm, applicability is higher.
It is the structural schematic diagram of the network equipment provided in an embodiment of the present invention referring to Fig. 3, Fig. 3.As shown in figure 3, this implementation
The network equipment in example may include: one or more processors 31 and memory 32.Above-mentioned processor 31 and memory 32 are logical
Cross the connection of bus 33.Memory 32 is for storing computer program, which includes program instruction, and processor 31 is used for
The program instruction that memory 32 stores is executed, is performed the following operations:
When detecting that any terminal equipment in each terminal device is abnormal, obtains any of the above-described terminal device and exist
The journal file generated when being abnormal;
The above-mentioned journal file that above-mentioned acquiring unit is obtained carries out journal formatting processing, obtains having object format
Journal file, wherein above-mentioned object format is that the journal file of above-mentioned each terminal device has after journal formatting is handled
The same format having;
The above-mentioned network equipment reads the daily record data in the above-mentioned journal file with object format, and obtains above-mentioned log
For triggering the characteristic of abnormality alarming in data;
The above-mentioned network equipment is based on features described above data and generates alarm instruction information, and above-mentioned alarm instruction information is sent
To server, and indicate that above-mentioned server carries out the abnormality alarming of any of the above-described terminal device.
In some possible embodiments, above-mentioned processor 31 is used for:
The file data and file screening parameter for the journal file that any of the above-described terminal device is generated when being abnormal
It is matched, target data will be determined as with the file data of above-mentioned file screening parameter successful match;
Above-mentioned target data progress data format is handled to obtain the data with object format, and is had based on above-mentioned
The data of object format generate the journal file with object format.
In some possible embodiments, above-mentioned processor 31 is used for:
Based on default alarm attributes, interception belongs to the data segment of above-mentioned default alarm attributes from above-mentioned daily record data, and
Above-mentioned data segment is determined as to be used to trigger the characteristic of abnormality alarming, wherein above-mentioned default alarm attributes include grade, when
Between, one or more combinations of reason and position;
And/or match above-mentioned daily record data with default alarm attributes data segment, it will be with above-mentioned default alarm attributes
The data segment of data segment successful match is determined as the characteristic for triggering abnormality alarming, wherein above-mentioned default alarm attributes
Data segment is for describing the grade of alarm, time, reason and the data segment of one or more default alarm attributes of position;
Wherein, when features described above data include that the corresponding alarm of the corresponding alarm grade of above-mentioned grade, above-mentioned time occurs
Between stamp, one of the corresponding alarm equipment position of the corresponding alarm cause of above-mentioned reason and above-mentioned position or multiple combinations.
In some possible embodiments, above-mentioned processor 31 is used for:
The corresponding data label of features described above data, above-mentioned data are determined based on the device type of any of the above-described terminal device
Label receives the server of features described above data for determining;
Alarm instruction information is generated based on features described above data and above-mentioned data label, and above-mentioned alarm instruction information is sent out
It send to above-mentioned server.
It in some possible embodiments, include alarm class information and warning information in above-mentioned alarm instruction information;
Above-mentioned processor 31 is used for:
Indicate above-mentioned server based on alarm indicated by above-mentioned alarm class information etc. based on above-mentioned alarm instruction information
Grade determines the corresponding alarm mode of any of the above-described terminal device;
Judge whether above-mentioned alarm grade is greater than default alarm grade;
When above-mentioned alarm grade is greater than default alarm grade, indicate that above-mentioned server will be above-mentioned based on above-mentioned alarm mode
Warning information is sent to alarm receiving device;
It is big in the corresponding alarm frequency of above-mentioned alarm grade when above-mentioned alarm grade is no more than default alarm grade
When preset times, indicate that above-mentioned server is based on above-mentioned alarm mode and above-mentioned warning information is sent to above-mentioned announcement
Alert receiving device;
Wherein, the warning information includes at least alarm event, alarm equipment mark, alarm equipment position, alarm transmission
Timestamp and alarm cause.
In some possible embodiments, above-mentioned processor 31 is also used to:
Indicate that above-mentioned server stores above-mentioned warning information into database to obtain standby message, in above-mentioned database
Warning information including removing one or more terminal device except any of the above-described terminal device;
When the warning information for showing and/or inquiring the target terminal equipment in above-mentioned each terminal device based on display equipment
When, indicate that above-mentioned server obtains the warning information of above-mentioned target terminal equipment and above-mentioned target is whole from above-mentioned standby message
The warning information of end equipment is exported to above-mentioned display equipment.
It should be appreciated that in some possible embodiments, above-mentioned processor 31 can be central generation unit
(central processing unit, CPU), which can also be other general processors, digital signal processor
(digital signal processor, DSP), specific integrated circuit (application specific integrated
Circuit, ASIC), ready-made programmable gate array (field-programmable gate array, FPGA) or other can
Programmed logic device, discrete gate or transistor logic, discrete hardware components etc..General processor can be microprocessor
Or the processor is also possible to any conventional processor etc..
The memory 32 may include read-only memory and random access memory, and provide instruction sum number to processor 31
According to.The a part of of memory 32 can also include nonvolatile RAM.It is set for example, memory 32 can also store
The information of standby type.
In the specific implementation, above-mentioned target device can be executed by each functional module built in it as each in above-mentioned Fig. 1
Implementation provided by step, for details, reference can be made to implementations provided by above-mentioned each step, and details are not described herein.
In embodiments of the present invention, under different application scenarios and equipment selection, terminal device and terminal be can avoid
The incompatible situation of device protocol greatly reduces the performance requirement that alarm receiving device receives warning information, alerts response speed
Further promoted.It is that terminal device matches different alarm modes by different alarm grades, alarm receiving device can be based on
Different alarm modes directly determines the alarm grade of terminal device, different alarms can be taken to ring for different alarm grades
Answer measure.Whether it is greater than default alarm grade by judging to alert grade to decide whether to send a warning message, it can preferentially will announcement
Alert higher ranked warning information is sent to alarm receiving device.The warning information for also avoiding a large amount of inferior grades simultaneously is sent to
The case where system consumption brought by alarm receiving device and high-grade alarm respond not in time occurs, convenient for alarm receiving device
Alarm is managed.
The embodiment of the present invention also provides a kind of computer readable storage medium, which has meter
Calculation machine program, the computer program include program instruction, which realizes each step institute in Fig. 1 when being executed by processor
The method of offer, for details, reference can be made to implementations provided by above-mentioned each step, and details are not described herein.
Above-mentioned computer readable storage medium can be the Task Processing Unit or above-mentioned that aforementioned any embodiment provides
The internal storage unit of target device, such as the hard disk or memory of electronic equipment.The computer readable storage medium is also possible to
The plug-in type hard disk being equipped on the External memory equipment of the electronic equipment, such as the electronic equipment, intelligent memory card (smart
Media card, SMC), secure digital (secure digital, SD) card, flash card (flash card) etc..Above-mentioned computer
Readable storage medium storing program for executing can also include magnetic disk, CD, read-only memory (read-only memory, ROM) or deposit at random
Store up memory body (randomaccess memory, RAM) etc..Further, which can also both include
The internal storage unit of the electronic equipment also includes External memory equipment.The computer readable storage medium is for storing the calculating
Other programs and data needed for machine program and the electronic equipment.The computer readable storage medium can be also used for temporarily
Store the data that has exported or will export.
Claims of the present invention and term " first " in specification and attached drawing, " second " etc. are for distinguishing difference
Object is not use to describe a particular order.In addition, term " includes " and " having " and their any deformations, it is intended that
It covers and non-exclusive includes.Such as it contains the process, method, system, product or equipment of a series of steps or units and does not limit
Due to listed step or unit, but optionally further comprising the step of not listing or unit, or optionally further comprising it is right
In the intrinsic other step or units of these process, methods, product or equipment.Referenced herein " embodiment " is it is meant that knot
The a particular feature, structure, or characteristic for closing embodiment description may include at least one embodiment of the present invention.In specification
In each position show that the phrase might not each mean identical embodiment, nor the independence with other embodiments mutual exclusion
Or alternative embodiment.Those skilled in the art explicitly and implicitly understand, embodiment described herein can be with
It is combined with other embodiments.Refer in description of the invention to term "and/or" used in the appended claims related
Join any combination and all possible combinations of one or more of item listed, and including these combinations.
The above disclosure is only the preferred embodiments of the present invention, cannot limit the right model of the present invention with this certainly
It encloses, therefore equivalent changes made in accordance with the claims of the present invention, is still within the scope of the present invention.
Claims (10)
1. a kind of alarm method based on log, which is characterized in that the described method includes:
When detecting that any terminal equipment in each terminal device is abnormal, the network equipment obtains any terminal and sets
The standby journal file generated when being abnormal;
The journal file is carried out journal formatting processing by the network equipment, obtains the journal file with object format,
Wherein, the same lattice that the object format has after journal formatting is handled for the journal file of each terminal device
Formula;
The network equipment reads the daily record data in the journal file with object format, and obtains the daily record data
In for triggering the characteristic of abnormality alarming;
The network equipment is based on the characteristic and generates alarm instruction information, and alarm instruction information is sent to clothes
Business device, indicates that the server carries out the abnormality alarming of any terminal equipment.
2. the method according to claim 1, wherein the journal file is carried out log lattice by the network equipment
Formulaization processing, obtains having the journal file of object format include:
The file data and file for the journal file that the network equipment generates any terminal equipment when being abnormal
Screening parameter is matched, and will be determined as target data with the file data of the file screening parameter successful match;
The network equipment handles target data progress data format to obtain the data with object format, and is based on
The data with object format generate the journal file with object format.
3. method according to claim 1 or 2, which is characterized in that different for triggering in the acquisition daily record data
The characteristic often alerted includes:
The network equipment is based on default alarm attributes, and interception belongs to the number of the default alarm attributes from the daily record data
According to section, and the data segment is determined as to be used to trigger the characteristic of abnormality alarming, wherein the default alarm attributes includes
Grade, time, reason and one or more combinations of position;
And/or the network equipment matches the daily record data with default alarm attributes data segment, will preset with described
The data segment of alarm attributes data segment successful match is determined as the characteristic for triggering abnormality alarming, wherein described default
Alarm attributes data segment is grade, time, reason and the one or more default alarm attributes of position for describing alarm
Data segment;
Wherein, the characteristic includes the corresponding alarm grade of the grade, time corresponding alarm time of origin stamp,
One of corresponding alarm equipment position of the corresponding alarm cause of reason and the position or multiple combinations.
4. method according to any one of claims 1 to 3, which is characterized in that the network equipment is based on the characteristic
Instruction information is alerted according to generating, and alarm instruction information is sent to server and includes:
The network equipment determines the corresponding data label of the characteristic based on the device type of any terminal equipment,
The data label receives the server of the characteristic for determining;
The network equipment is based on the characteristic and the data label generates alarm instruction information, and the alarm is referred to
Show that information is sent to the server.
5. according to the method described in claim 4, it is characterized in that, the alarm instruction information in include alarm class information and
Warning information;The abnormality alarming that the instruction server carries out any terminal equipment includes:
The network equipment is based on alarm instruction information and indicates that the server is based on indicated by the alarm class information
Alarm grade determine the corresponding alarm mode of any terminal equipment;
The network equipment judges whether the alarm grade is greater than default alarm grade;
If the alarm grade is greater than default alarm grade, the network equipment indicates that the server is based on the alarm side
The warning information is sent to alarm receiving device by formula;
If the alarm grade is no more than default alarm grade, the network equipment is in the corresponding alarm hair of the alarm grade
When raw number is more than or equal to preset times, indicate that the server is based on the alarm mode and sends the warning information
To the alarm receiving device;
Wherein, the warning information includes at least alarm event, alarm equipment mark, alarm equipment position, alarm sending time
Stamp and alarm cause.
6. according to the method described in claim 5, it is characterized in that, the instruction server will based on the alarm mode
The warning information is sent to after alarm receiving device, the method also includes:
The network equipment indicates that the server stores the warning information into database to obtain standby message, described
It include the warning information for removing one or more terminal device except any terminal equipment in database;
When showing and/or inquiring the warning information of the target terminal equipment in each terminal device based on display equipment,
The network equipment indicates that the server obtains the warning information of the target terminal equipment and incited somebody to action from the standby message
The warning information of the target terminal equipment is exported to the display equipment.
7. a kind of alarm device based on log, which is characterized in that the alarm device includes:
Acquiring unit, for obtaining described any when detecting that any terminal equipment in each terminal device is abnormal
The journal file that terminal device is generated when being abnormal;
Generation unit, the journal file for obtaining the acquiring unit carry out journal formatting processing, are had
The journal file of object format, wherein the object format is that the journal file of each terminal device passes through journal format
The same format having after change processing;
The acquiring unit, for read the generation unit obtain described in object format journal file in log
Data, and obtain in the daily record data for triggering the characteristic of abnormality alarming;
Transmission unit for generating alarm instruction information based on the characteristic, and alarm instruction information is sent to
Server, and indicate that the server carries out the abnormality alarming of any terminal equipment.
8. device according to claim 7, which is characterized in that the alarm device includes:
Processing unit, the file data and file of the journal file for generating any terminal equipment when being abnormal
Screening parameter is matched, and will be determined as target data with the file data of the file screening parameter successful match;
The generation unit, for handling target data progress data format to obtain the data with object format,
And the journal file with object format is generated based on the data with object format.
9. a kind of network equipment, which is characterized in that including processor and memory, the processor and memory are connected with each other;
The memory is for storing computer program, and the computer program includes program instruction, and the processor is configured
For calling described program to instruct, such as method as claimed in any one of claims 1 to 6 is executed.
10. a kind of computer readable storage medium, which is characterized in that the computer-readable recording medium storage has computer journey
Sequence, the computer program include program instruction, and described program instruction executes the processor such as
Method as claimed in any one of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910405795.7A CN110224858B (en) | 2019-05-16 | 2019-05-16 | Log-based alarm method and related device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910405795.7A CN110224858B (en) | 2019-05-16 | 2019-05-16 | Log-based alarm method and related device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110224858A true CN110224858A (en) | 2019-09-10 |
| CN110224858B CN110224858B (en) | 2022-12-02 |
Family
ID=67821047
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910405795.7A Active CN110224858B (en) | 2019-05-16 | 2019-05-16 | Log-based alarm method and related device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110224858B (en) |
Cited By (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110620790A (en) * | 2019-10-10 | 2019-12-27 | 国网山东省电力公司信息通信公司 | Network security device linkage processing method and device |
| CN110830438A (en) * | 2019-09-25 | 2020-02-21 | 杭州优行科技有限公司 | Abnormal log warning method and device and electronic equipment |
| CN110851332A (en) * | 2019-11-13 | 2020-02-28 | 上海闻泰电子科技有限公司 | Log file processing method, device, equipment and medium |
| CN111106953A (en) * | 2019-12-16 | 2020-05-05 | 深圳前海微众银行股份有限公司 | Abnormal root cause analysis method and device |
| CN111478889A (en) * | 2020-03-27 | 2020-07-31 | 新浪网技术(中国)有限公司 | Alarm method and device |
| CN111564027A (en) * | 2020-05-08 | 2020-08-21 | 北京深演智能科技股份有限公司 | Alarm information processing method and device |
| CN111708679A (en) * | 2020-05-08 | 2020-09-25 | 中国建设银行股份有限公司 | Log monitoring method, system, device and storage medium |
| CN111740868A (en) * | 2020-07-07 | 2020-10-02 | 腾讯科技(深圳)有限公司 | Alarm data processing method and device and storage medium |
| CN111881156A (en) * | 2020-07-24 | 2020-11-03 | 广东省信息工程有限公司 | Abnormal log processing method, device, medium and terminal equipment |
| CN111953541A (en) * | 2020-08-10 | 2020-11-17 | 腾讯科技(深圳)有限公司 | Alarm information processing method and device, computer equipment and storage medium |
| CN112767636A (en) * | 2021-01-14 | 2021-05-07 | 广州穗能通能源科技有限责任公司 | Fire alarm method, fire alarm device, computer equipment and storage medium |
| CN113395179A (en) * | 2021-06-11 | 2021-09-14 | 中国科学技术大学 | Method for improving readability of BGP peer jitter alarm information in IP network |
| CN113660107A (en) * | 2021-06-29 | 2021-11-16 | 广东电网有限责任公司广州供电局 | Fault location method, system, computer device and storage medium |
| CN113900755A (en) * | 2021-10-11 | 2022-01-07 | 重庆紫光华山智安科技有限公司 | Alarm page processing method and device, computer equipment and readable storage medium |
| CN114650218A (en) * | 2020-12-17 | 2022-06-21 | 中移(苏州)软件技术有限公司 | Data acquisition method, equipment, system and storage medium |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20090013007A1 (en) * | 2007-07-05 | 2009-01-08 | Interwise Ltd. | System and Method for Collection and Analysis of Server Log Files |
| CN106385331A (en) * | 2016-09-08 | 2017-02-08 | 努比亚技术有限公司 | Method and system for monitoring alarm based on log |
| CN106992876A (en) * | 2017-03-04 | 2017-07-28 | 郑州云海信息技术有限公司 | Cloud platform blog management method and system |
| CN108933791A (en) * | 2018-07-09 | 2018-12-04 | 国网山东省电力公司信息通信公司 | One kind being based on Electricity Information Network Safeguard tactics intelligent optimization method and device |
| CN109324996A (en) * | 2018-10-12 | 2019-02-12 | 平安科技(深圳)有限公司 | Journal file processing method, device, computer equipment and storage medium |
-
2019
- 2019-05-16 CN CN201910405795.7A patent/CN110224858B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20090013007A1 (en) * | 2007-07-05 | 2009-01-08 | Interwise Ltd. | System and Method for Collection and Analysis of Server Log Files |
| CN106385331A (en) * | 2016-09-08 | 2017-02-08 | 努比亚技术有限公司 | Method and system for monitoring alarm based on log |
| CN106992876A (en) * | 2017-03-04 | 2017-07-28 | 郑州云海信息技术有限公司 | Cloud platform blog management method and system |
| CN108933791A (en) * | 2018-07-09 | 2018-12-04 | 国网山东省电力公司信息通信公司 | One kind being based on Electricity Information Network Safeguard tactics intelligent optimization method and device |
| CN109324996A (en) * | 2018-10-12 | 2019-02-12 | 平安科技(深圳)有限公司 | Journal file processing method, device, computer equipment and storage medium |
Cited By (24)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110830438A (en) * | 2019-09-25 | 2020-02-21 | 杭州优行科技有限公司 | Abnormal log warning method and device and electronic equipment |
| CN110620790B (en) * | 2019-10-10 | 2021-11-02 | 国网山东省电力公司信息通信公司 | Network security device linkage processing method and device |
| CN110620790A (en) * | 2019-10-10 | 2019-12-27 | 国网山东省电力公司信息通信公司 | Network security device linkage processing method and device |
| CN110851332A (en) * | 2019-11-13 | 2020-02-28 | 上海闻泰电子科技有限公司 | Log file processing method, device, equipment and medium |
| CN110851332B (en) * | 2019-11-13 | 2023-09-26 | 上海闻泰电子科技有限公司 | Log file processing method, device, equipment and medium |
| CN111106953A (en) * | 2019-12-16 | 2020-05-05 | 深圳前海微众银行股份有限公司 | Abnormal root cause analysis method and device |
| CN111106953B (en) * | 2019-12-16 | 2024-04-16 | 深圳前海微众银行股份有限公司 | Method and device for analyzing abnormal root cause |
| CN111478889A (en) * | 2020-03-27 | 2020-07-31 | 新浪网技术(中国)有限公司 | Alarm method and device |
| CN111708679A (en) * | 2020-05-08 | 2020-09-25 | 中国建设银行股份有限公司 | Log monitoring method, system, device and storage medium |
| CN111564027A (en) * | 2020-05-08 | 2020-08-21 | 北京深演智能科技股份有限公司 | Alarm information processing method and device |
| CN111740868A (en) * | 2020-07-07 | 2020-10-02 | 腾讯科技(深圳)有限公司 | Alarm data processing method and device and storage medium |
| CN111740868B (en) * | 2020-07-07 | 2023-12-15 | 腾讯科技(深圳)有限公司 | Alarm data processing method and device and storage medium |
| CN111881156A (en) * | 2020-07-24 | 2020-11-03 | 广东省信息工程有限公司 | Abnormal log processing method, device, medium and terminal equipment |
| CN111953541B (en) * | 2020-08-10 | 2023-12-05 | 腾讯科技(深圳)有限公司 | Alarm information processing method, device, computer equipment and storage medium |
| CN111953541A (en) * | 2020-08-10 | 2020-11-17 | 腾讯科技(深圳)有限公司 | Alarm information processing method and device, computer equipment and storage medium |
| CN114650218A (en) * | 2020-12-17 | 2022-06-21 | 中移(苏州)软件技术有限公司 | Data acquisition method, equipment, system and storage medium |
| CN114650218B (en) * | 2020-12-17 | 2023-12-12 | 中移(苏州)软件技术有限公司 | Data acquisition method, device, system and storage medium |
| CN112767636A (en) * | 2021-01-14 | 2021-05-07 | 广州穗能通能源科技有限责任公司 | Fire alarm method, fire alarm device, computer equipment and storage medium |
| CN113395179B (en) * | 2021-06-11 | 2022-04-19 | 中国科学技术大学 | Method for improving readability of BGP peer jitter alarm information in IP network |
| CN113395179A (en) * | 2021-06-11 | 2021-09-14 | 中国科学技术大学 | Method for improving readability of BGP peer jitter alarm information in IP network |
| CN113660107A (en) * | 2021-06-29 | 2021-11-16 | 广东电网有限责任公司广州供电局 | Fault location method, system, computer device and storage medium |
| CN113660107B (en) * | 2021-06-29 | 2024-04-19 | 广东电网有限责任公司广州供电局 | Fault locating method, system, computer equipment and storage medium |
| CN113900755A (en) * | 2021-10-11 | 2022-01-07 | 重庆紫光华山智安科技有限公司 | Alarm page processing method and device, computer equipment and readable storage medium |
| CN113900755B (en) * | 2021-10-11 | 2024-04-16 | 重庆紫光华山智安科技有限公司 | Alarm page processing method and device, computer equipment and readable storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110224858B (en) | 2022-12-02 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110224858A (en) | Alarm method and relevant apparatus based on log | |
| CN104202201B (en) | A kind of log processing method, device and terminal | |
| CN108572907A (en) | A kind of alarm method, device, electronic equipment and computer readable storage medium | |
| CN103220173B (en) | A kind of alarm monitoring method and supervisory control system | |
| CN110232006A (en) | Equipment alarm method and relevant apparatus | |
| CN110232010A (en) | A kind of alarm method, alarm server and monitoring server | |
| CN106992876A (en) | Cloud platform blog management method and system | |
| CN107390628B (en) | Distribution status monitoring and method for early warning and system | |
| CN113010374B (en) | Quantum device monitoring method and system based on monitoring platform | |
| CN107659443A (en) | The monitoring method and its system of a kind of real time business | |
| CN109150635A (en) | Failure effect analysis (FEA) method and device | |
| CN110149227A (en) | The method and device of network alarm | |
| CN110221947A (en) | Warning information method for inspecting, system, computer installation and readable storage medium storing program for executing | |
| CN109726091A (en) | A kind of blog management method and relevant apparatus | |
| CN110677304A (en) | Distributed problem tracking system and equipment | |
| CN106095638A (en) | The method of a kind of server resource alarm, Apparatus and system | |
| CN108039971A (en) | A kind of alarm method and device | |
| CN115001989A (en) | Equipment early warning method, device, equipment and readable storage medium | |
| CN114154035A (en) | Data processing system for dynamic loop monitoring | |
| CN109615218A (en) | Nuclear power information system performance monitoring system and method | |
| CN106445789A (en) | Monitoring visualizing method and system | |
| CN108171265A (en) | A kind of label preparation method, device and electronic equipment | |
| CN112910733A (en) | Full link monitoring system and method based on big data | |
| CN107911229A (en) | Based reminding method, device, electronic equipment and the storage medium that operating status changes | |
| CN108681499B (en) | O&M monitoring method, device and computer readable storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |