CN110825599A - Information management system monitoring method, device, medium, electronic equipment and system - Google Patents
Information management system monitoring method, device, medium, electronic equipment and system Download PDFInfo
- Publication number
- CN110825599A CN110825599A CN201911019675.XA CN201911019675A CN110825599A CN 110825599 A CN110825599 A CN 110825599A CN 201911019675 A CN201911019675 A CN 201911019675A CN 110825599 A CN110825599 A CN 110825599A
- Authority
- CN
- China
- Prior art keywords
- information
- login
- user
- determining
- management system
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000012544 monitoring process Methods 0.000 title claims abstract description 56
- 238000000034 method Methods 0.000 title claims abstract description 46
- 238000005457 optimization Methods 0.000 claims abstract description 15
- 238000012806 monitoring device Methods 0.000 claims abstract 4
- 230000006399 behavior Effects 0.000 claims description 50
- 230000002159 abnormal effect Effects 0.000 claims description 23
- 230000004048 modification Effects 0.000 claims description 11
- 238000012986 modification Methods 0.000 claims description 11
- 238000004458 analytical method Methods 0.000 claims description 8
- 238000004891 communication Methods 0.000 claims description 4
- 238000004590 computer program Methods 0.000 claims description 3
- 238000012423 maintenance Methods 0.000 description 7
- 238000012545 processing Methods 0.000 description 7
- 238000010586 diagram Methods 0.000 description 4
- 230000006870 function Effects 0.000 description 4
- 230000005856 abnormality Effects 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 239000013307 optical fiber Substances 0.000 description 2
- 230000000644 propagated effect Effects 0.000 description 2
- 230000009471 action Effects 0.000 description 1
- 230000006978 adaptation Effects 0.000 description 1
- 238000003491 array Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 230000008569 process Effects 0.000 description 1
- 230000003252 repetitive effect Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/34—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
- G06F11/3438—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment monitoring of user actions
Landscapes
- Engineering & Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Quality & Reliability (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Debugging And Monitoring (AREA)
Abstract
The disclosed embodiments relate to a log monitoring method, a monitoring device, a computer-readable storage medium, an electronic device, and a monitoring system for an information management system. The method comprises the following steps: monitoring whether login operation for logging in the information management system exists or not, and if yes, recording login information related to the login operation and operation information after login; and analyzing and determining the user behavior according to the operation information and the login information. The scheme of the embodiment of the disclosure can monitor the system operation of the user in real time, monitor the abnormity of the system and the use condition of the user, analyze the user behavior, and ensure the safety of the system and the system data to a certain extent; in addition, the service condition of the system can be monitored, and data support is provided for system performance optimization.
Description
Technical Field
The present disclosure relates to the field of information technologies, and in particular, to a monitoring method and a monitoring apparatus for an information management system, a computer storage medium and an electronic device for implementing the monitoring method for the information management system, and a monitoring system for the information management system.
Background
Currently, in the related art, for an information management system, such as a patent information management system or other information management systems, generally, the system only generates the work log information. Monitoring and analysis of log information are lacked, and the system has abnormal operation behaviors and hidden dangers of system data safety; in addition, data support for optimizing and improving system performance is insufficient, so that the operation reliability of the system is reduced, and the maintenance cost is increased. Accordingly, there is a need to ameliorate one or more of the problems with the related art solutions described above.
It is to be noted that the information disclosed in the above background section is only for enhancement of understanding of the background of the present disclosure, and thus may include information that does not constitute prior art known to those of ordinary skill in the art.
Disclosure of Invention
An object of the embodiments of the present disclosure is to provide an information management system monitoring method, an information management system monitoring apparatus, a computer storage medium and an electronic device implementing the information management system monitoring method, and a monitoring system of an information management system, thereby overcoming one or more problems due to limitations and disadvantages of the related art at least to a certain extent.
According to a first aspect of the embodiments of the present disclosure, there is provided an information management system monitoring method, including:
monitoring whether login operation for logging in the information management system exists or not, and if yes, recording login information related to the login operation and operation information after login;
and analyzing and determining the user behavior according to the operation information and the login information.
In an exemplary embodiment of the present disclosure, the operation information includes one or more of operation user information, operation times, and operation contents; the operation content at least comprises file uploading information and/or downloading information and system data modification information;
and/or the login information comprises one or more of login times, login time, login IP address and login user identification.
In an exemplary embodiment of the present disclosure, the step of analyzing and determining a user behavior according to the operation record information and the login information includes:
determining whether the login times of the user indicated by the same login user identification in a preset time period are greater than a first threshold value and whether the operation times are greater than a second threshold value; if yes, determining that the user behavior is abnormal;
or, determining whether the login time of the user indicated by the same operation user information and/or the login IP address is within a preset time period, and if so, determining whether the operation times within the preset time period are greater than a third threshold; if yes, determining that the user behavior is abnormal;
or, determining whether the operation content of the user indicated by the same operation user information and/or the login IP address occurs in a preset time period; and if so, determining that the user behavior is abnormal.
In an exemplary embodiment of the present disclosure, the information management system includes a plurality of different functional modules, and the method further includes:
determining the use frequency of each functional module according to the operation information;
and judging whether the use frequency of each functional module is greater than a preset frequency threshold, if so, generating prompt information of the corresponding functional module, wherein the prompt information is used for indicating performance optimization of the functional module.
According to a second aspect of the embodiments of the present disclosure, there is provided an information management system monitoring apparatus including:
the monitoring and recording module is used for monitoring whether login operation for logging in the information management system exists or not, and if yes, logging information related to the login operation and operation information after login are recorded;
and the behavior analysis module is used for analyzing and determining the user behavior according to the operation information and the login information.
In an exemplary embodiment of the present disclosure, the operation information includes one or more of operation user information, an operation IP address, and operation content; and/or the login information at least comprises one or more of login time, login IP address and login user identification;
the operation content at least comprises file uploading information and/or downloading information and system data modification information.
In an exemplary embodiment of the present disclosure, the behavior analysis module includes:
the first determining submodule is used for determining whether the login times of the user indicated by the same login user identification in a preset time period are larger than a first threshold value and whether the operation times are larger than a second threshold value; if yes, determining that the user behavior is abnormal;
or, the second determining submodule is used for determining whether the login time of the user indicated by the same operation user information and/or the login IP address is within a preset time period, and if so, determining whether the operation times within the preset time period are greater than a third threshold; if yes, determining that the user behavior is abnormal;
or, the third determining submodule is used for determining whether the operation content of the user indicated by the same operation user information and/or the login IP address occurs in a preset time period; and if so, determining that the user behavior is abnormal.
In an exemplary embodiment of the present disclosure, the information management system includes a plurality of different functional modules, and the apparatus further includes:
the determining module is used for determining the use frequency of each functional module according to the operation information;
and the prompt module is used for judging whether the use frequency of each functional module is greater than a preset frequency threshold value, if so, generating prompt information of the corresponding functional module, and the prompt information is used for indicating performance optimization of the functional module.
According to a third aspect of the embodiments of the present disclosure, there is provided a monitoring system of an information management system, including:
the first equipment is used for operating the information management system and monitoring whether login operation for logging in the information management system exists or not, and if yes, login information related to the login operation and operation information after login are recorded;
the second equipment is in communication connection with the first equipment and used for receiving and storing the operation information and the login information sent by the first equipment;
the first device is further configured to read the operation information and the login information from the second device, and analyze and determine a user behavior according to the operation information and the login information.
According to a fourth aspect of the embodiments of the present disclosure, there is provided a computer-readable storage medium, on which a computer program is stored, which when executed by a processor, implements the steps of the information management system monitoring method described in any one of the above embodiments.
According to a fifth aspect of embodiments of the present disclosure, there is provided an electronic apparatus including:
a processor; and
a memory for storing executable instructions of the processor;
wherein the processor is configured to perform the steps of the information management system monitoring method of any of the above embodiments via execution of the executable instructions.
The technical scheme provided by the embodiment of the disclosure can have the following beneficial effects:
according to the scheme of the embodiment of the disclosure, whether login operation for logging in the information management system exists can be monitored, if yes, login information related to the login operation and operation information after login are recorded, and user behaviors are analyzed and determined according to the operation information and the login information; therefore, the system operation of the user can be monitored in real time, the system can be monitored to find abnormality and the use condition of the user in time, the user behavior is analyzed so as to adopt corresponding measures conveniently, and the safety of the system and the system data can be ensured to a certain extent; in addition, the service condition of the system can be monitored, and data support is provided for system performance optimization, so that the operation reliability of the system is increased, and the maintenance cost is reduced.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure. It is to be understood that the drawings in the following description are merely exemplary of the disclosure, and that other drawings may be derived from those drawings by one of ordinary skill in the art without the exercise of inventive faculty.
FIG. 1 shows a flow chart of a method for monitoring an information management system in an exemplary embodiment of the disclosure;
FIG. 2 is a schematic diagram of an application scenario system architecture in an exemplary embodiment of the present disclosure;
FIG. 3 shows a flow chart of a method for monitoring an information management system in an exemplary embodiment of the disclosure;
FIG. 4 shows a schematic diagram of an information management system monitoring apparatus in an example embodiment of the present disclosure;
FIG. 5 shows a monitoring system schematic of an information management system in an exemplary embodiment of the present disclosure;
fig. 6 shows a schematic diagram of an electronic device in an exemplary embodiment of the disclosure.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art. The described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.
Furthermore, the drawings are merely schematic illustrations of the present disclosure and are not necessarily drawn to scale. The same reference numerals in the drawings denote the same or similar parts, and thus their repetitive description will be omitted. Some of the block diagrams shown in the figures are functional entities and do not necessarily correspond to physically or logically separate entities. These functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
The exemplary embodiment first provides an information management system monitoring method, which may be applied to a terminal device, such as a mobile terminal or a server, for example, a notebook computer, a tablet computer, a smart phone, and the like. Referring to fig. 1, the method may include the steps of:
step S101: monitoring whether login operation for logging in the information management system exists or not, and if yes, recording login information related to the login operation and operation information after login;
step S102: analyzing and determining user behaviors according to the operation information and the login information
By the information management system monitoring method, the system operation of the user can be monitored in real time, the monitoring system can find abnormality and the use condition of the user in time and analyze the user behavior so as to adopt corresponding measures, and the safety of the system and the system data can be ensured to a certain extent; in addition, the service condition of the system can be monitored, and data support is provided for system performance optimization, so that the operation reliability of the system is increased, and the maintenance cost is reduced.
Hereinafter, the respective steps of the above-described method in the present exemplary embodiment will be described in more detail with reference to fig. 1 to 3.
In step S101, whether there is a login operation to log in the information management system is monitored, and if yes, login information related to the login operation and operation information after login are recorded.
Specifically, the information management system can run in a computing device, and the information management system can set a login account, a password and the like so as to facilitate login of the system. When the login operation is monitored, login information related to the login operation, such as a user name, an IP address and the like, and operation information after login, such as data modification information and the like, can be recorded.
In step S102, the user behavior is analyzed and determined according to the operation information and the login information.
In an exemplary embodiment of the present disclosure, the operation information includes one or more of operation user information (e.g., a user name or an account number), operation times (e.g., file uploading times, file downloading times, data modification times, etc.), and operation contents. The operation content at least comprises file uploading information and/or downloading information, system data modification information and the like. Illustratively, the login information includes one or more of login times, login time, login IP address, login user identification (such as user code or identification number, etc.).
Specifically, in an exemplary embodiment of the present disclosure, the step of analyzing and determining the user behavior according to the operation record information and the login information in step S102 may specifically include one or more of the following three implementation manners.
The first method is as follows: determining whether the login times of a user indicated by the same login user identification in a preset time period (such as a morning time period) are greater than a first threshold value and whether the operation times are greater than a second threshold value; and if so, determining that the user behavior is abnormal.
The second method comprises the following steps: determining whether the login time of the user indicated by the same operation user information and/or the login IP address is within a preset time period (such as a morning time period), and if so, determining whether the operation times within the preset time period are greater than a third threshold; and if so, determining that the user behavior is abnormal.
The third method comprises the following steps: determining whether operation contents (such as file uploading times, file downloading times and the like) of a user indicated by the same operation user information and/or login IP address occur within a preset time period (such as a morning time period); and if so, determining that the user behavior is abnormal. The above-mentioned thresholds may be set as needed, and are not particularly limited.
For example, when it is determined that the user behavior is abnormal, corresponding measures may be taken, for example, sending a reminding message to an administrator with the highest authority of the system, which is not limited to this, and for example, the authority of the operating user may be limited or the user operation may be prohibited. Therefore, the system operation of the user can be monitored in real time, the system can be monitored to find out the abnormity and the use condition of the user in time, the user behavior is analyzed so as to adopt corresponding measures, and the safety of the system and the system data can be ensured to a certain extent.
In an exemplary embodiment of the disclosure, as shown in fig. 2, the information management system includes a plurality of different functional modules, and the method further includes the steps of:
step S201: and determining the use frequency of each functional module according to the operation information.
For example, the frequency of use of each functional module may be determined by counting the number of operations performed on the functional module over a certain period of time.
Step S202: and judging whether the use frequency of each functional module is greater than a preset frequency threshold, if so, generating prompt information of the corresponding functional module, wherein the prompt information is used for indicating performance optimization of the functional module.
Specifically, if the usage frequency of a functional module is greater than the preset frequency threshold, it indicates that the functional module is frequently used, which causes a problem of reduced potential reliability of the system, and therefore, performance optimization needs to be preferentially performed on the functional module. In the embodiment, the service condition of the system can be monitored, and data support is provided for optimizing the performance of the system, so that the operation reliability of the system is increased, and the maintenance cost is reduced.
The flow of the monitoring method described above is described in one specific example embodiment with reference to the flow shown in fig. 3.
Step 1, the user operates the information management system 301, such as logging in the system, uploading and downloading files, modifying system data, and the like.
Step 2, the information management system 301 sends a user operation message to the message server 302, such as: the system comprises an operator, operation time, an operator IP, operation contents (logging in a system, uploading and downloading files, system data modification and the like), and data before and after modification is recorded when the system data is modified.
And step 3, the message server 302 receives the message pushed by the information management system 301 and stores the message.
Step 4, the information management system 301 reads the unconsumed message from the message server 302 and stores it in the information management system 301.
And step 5, analyzing the read message and storing the analyzed message in the information management system 301.
And 6, displaying the analyzed information in the information management system 301.
Specifically, the system can monitor the operation of all users, the description of the operation, the role of the operator in the system, the IP address and the operation time of the operator, and through the record, the operation content and the frequency of the users can be monitored, the behavior of the users can be analyzed, and if the users log in and download system data for many times in the early morning, the users may have the possibility of data theft. The record can also count the use frequency of each function in the system, and according to the use frequency, the functions with higher frequency use are subjected to key monitoring and performance optimization, so that the user experience is improved. The details of the operation are recorded, for example, before and after the operator modifies the organization name, the data change condition can be monitored. The last login time and the current login times of the user can be recorded, the login condition of the user can be monitored, whether the user still uses the system can be judged according to the last login time, and the user can be logged out if the user does not use the system any more, so that the safety of the system is ensured. The method can also record all login conditions of the user, and can monitor the time node that the user frequently logs in, for example, if the user frequently logs in the system in the morning, the user may perform some illegal operations, such as downloading files and data in the system. Therefore, the embodiment can monitor the system operation of the user in real time, can monitor the system to find the abnormality and the use condition of the user in time, and analyze the user behavior so as to adopt corresponding measures, and can ensure the safety of the system and the system data to a certain extent; in addition, the service condition of the system can be monitored, and data support is provided for system performance optimization, so that the operation reliability of the system is increased, and the maintenance cost is reduced.
It should be noted that although the various steps of the methods of the present disclosure are depicted in the drawings in a particular order, this does not require or imply that these steps must be performed in this particular order, or that all of the depicted steps must be performed, to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step execution, and/or one step broken down into multiple step executions, etc. Additionally, it will also be readily appreciated that the steps may be performed synchronously or asynchronously, e.g., among multiple modules/processes/threads.
Further, in this exemplary embodiment, an information management system monitoring apparatus is also provided. Referring to fig. 4, the monitoring apparatus may include a monitoring recording module 401 and a behavior analysis module 402; wherein:
a monitoring and recording module 401, configured to monitor whether there is a login operation to log in the information management system, and if so, record login information related to the login operation and operation information after login;
and a behavior analysis module 402, configured to analyze and determine a user behavior according to the operation information and the login information.
In an exemplary embodiment of the present disclosure, the operation information may include, but is not limited to, one or more of operation user information, an operation IP address, and operation content; and/or the login information at least comprises one or more of login time, login IP address and login user identification, but is not limited to the above. The operation content at least includes but is not limited to file uploading information and/or downloading information, system data modification information and the like.
In an exemplary embodiment of the present disclosure, the behavior analysis module 402 may include one or more of the following three sub-modules:
the first determining submodule is used for determining whether the login times of the user indicated by the same login user identification in a preset time period are larger than a first threshold value and whether the operation times are larger than a second threshold value; if yes, determining that the user behavior is abnormal;
the second determining submodule is used for determining whether the login time of the user indicated by the same operation user information and/or the login IP address is within a preset time period, and if so, determining whether the operation times within the preset time period are greater than a third threshold value; if yes, determining that the user behavior is abnormal;
the third determining submodule is used for determining whether the operation content of the user indicated by the same operation user information and/or the login IP address occurs in a preset time period or not; and if so, determining that the user behavior is abnormal.
In an exemplary embodiment of the present disclosure, the information management system may include a plurality of different functional modules, and the apparatus may further include:
the determining module is used for determining the use frequency of each functional module according to the operation information;
and the prompt module is used for judging whether the use frequency of each functional module is greater than a preset frequency threshold value, if so, generating prompt information of the corresponding functional module, and the prompt information is used for indicating performance optimization of the functional module. Therefore, the service condition of the system can be monitored, and data support is provided for system performance optimization, so that the operation reliability of the system is increased, and the maintenance cost is reduced.
With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.
It should be noted that although in the above detailed description several modules or units of the device for action execution are mentioned, such a division is not mandatory. Indeed, the features and functionality of two or more modules or units described above may be embodied in one module or unit, according to embodiments of the present disclosure. Conversely, the features and functions of one module or unit described above may be further divided into embodiments by a plurality of modules or units. The components shown as modules or units may or may not be physical units, i.e. may be located in one place or may also be distributed over a plurality of network units. Some or all of the modules can be selected according to actual needs to achieve the purpose of the wood-disclosed scheme. One of ordinary skill in the art can understand and implement it without inventive effort.
In the present exemplary embodiment, referring to fig. 5, there is also provided a monitoring system of an information management system, which may include: the first device 100 is configured to operate the information management system, and is configured to monitor whether a login operation to log in the information management system exists, and if so, record login information related to the login operation and operation information after the login. The second device 200 is in communication connection with the first device 100, and is configured to receive and store the operation information and the login information sent by the first device. The first device 100 is further configured to read the operation information and the login information from the second device 200, and analyze and determine a user behavior according to the operation information and the login information.
In an exemplary embodiment of the present disclosure, the operation information may include, but is not limited to, one or more of operation user information, operation times, operation contents; the operation content at least includes file uploading information and/or downloading information, system data modification information, but is not limited thereto. The login information may include one or more of login times, login time, login IP address, and login user identification, but is not limited thereto.
In an exemplary embodiment of the present disclosure, the first device 100 analyzes and determines the user behavior according to the operation record information and the login information, and specifically includes but is not limited to the following three implementation manners:
the first method is as follows: determining whether the login times of the user indicated by the same login user identification in a preset time period are greater than a first threshold value and whether the operation times are greater than a second threshold value; if yes, determining that the user behavior is abnormal;
the second method comprises the following steps: determining whether the login time of the user indicated by the same operation user information and/or the login IP address is within a preset time period, and if so, determining whether the operation times within the preset time period are greater than a third threshold; if yes, determining that the user behavior is abnormal;
the third method comprises the following steps: determining whether the operation content of the user indicated by the same operation user information and/or the login IP address occurs in a preset time period; and if so, determining that the user behavior is abnormal.
In an exemplary embodiment of the present disclosure, the information management system may include a plurality of different functional modules, and the first device 100 is further configured to: determining the use frequency of each functional module according to the operation information; and judging whether the use frequency of each functional module is greater than a preset frequency threshold, if so, generating prompt information of the corresponding functional module, wherein the prompt information is used for indicating performance optimization of the functional module. Therefore, the service condition of the system can be monitored, and data support is provided for system performance optimization, so that the operation reliability of the system is increased, and the maintenance cost is reduced.
With regard to the system in the above-described embodiment, the specific manner in which each module or device performs the operations has been described in detail in the embodiment related to the method, and will not be elaborated upon here.
In an exemplary embodiment of the present disclosure, a computer-readable storage medium is further provided, on which a computer program is stored, which when executed by, for example, a processor, may implement the steps of the information management system monitoring method described in any one of the above embodiments. In some possible embodiments, aspects of the present invention may also be implemented in the form of a program product comprising program code means for causing a terminal device to carry out the steps according to various exemplary embodiments of the present invention described in the information management system monitoring method section above of this description, when said program product is run on the terminal device.
According to the program product for realizing the method, the portable compact disc read only memory (CD-ROM) can be adopted, the program code is included, and the program product can be operated on terminal equipment, such as a personal computer. However, the program product of the present invention is not limited in this regard and, in the present document, a readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The computer readable storage medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable storage medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a readable storage medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C + + or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
In an exemplary embodiment of the present disclosure, there is also provided an electronic device, which may include a processor, and a memory for storing executable instructions of the processor. Wherein the processor is configured to perform the steps of the information management system monitoring method of any of the above embodiments via execution of the executable instructions.
As will be appreciated by one skilled in the art, aspects of the present invention may be embodied as a system, method or program product. Thus, various aspects of the invention may be embodied in the form of: an entirely hardware embodiment, an entirely software embodiment (including firmware, microcode, etc.) or an embodiment combining hardware and software aspects that may all generally be referred to herein as a "circuit," module "or" system.
An electronic device 600 according to this embodiment of the invention is described below with reference to fig. 6. The electronic device 600 shown in fig. 6 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present invention.
As shown in fig. 6, the electronic device 600 is embodied in the form of a general purpose computing device. The components of the electronic device 600 may include, but are not limited to: at least one processing unit 610, at least one storage unit 620, a bus 630 that connects the various system components (including the storage unit 620 and the processing unit 610), a display unit 640, and the like.
Wherein the storage unit stores program code executable by the processing unit 610 to cause the processing unit 610 to perform steps according to various exemplary embodiments of the present invention described in the information management system monitoring method section above in this specification. For example, the processing unit 610 may perform the steps as shown in fig. 1.
The storage unit 620 may include readable media in the form of volatile memory units, such as a random access memory unit (RAM)6201 and/or a cache memory unit 6202, and may further include a read-only memory unit (ROM) 6203.
The memory unit 620 may also include a program/utility 6204 having a set (at least one) of program modules 6205, such program modules 6205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.
The electronic device 600 may also communicate with one or more external devices 700 (e.g., keyboard, pointing device, bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device 600, and/or with any devices (e.g., router, modem, etc.) that enable the electronic device 600 to communicate with one or more other computing devices. Such communication may occur via an input/output (I/O) interface 650. Also, the electronic device 600 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network such as the Internet) via the network adapter 660. The network adapter 660 may communicate with other modules of the electronic device 600 via the bus 630. It should be appreciated that although not shown in the figures, other hardware and/or software modules may be used in conjunction with the electronic device 600, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a usb disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which may be a personal computer, a server, or a network device, etc.) to execute the above-mentioned information management system monitoring method according to the embodiments of the present disclosure.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
Claims (11)
1. An information management system monitoring method, characterized in that the method comprises:
monitoring whether login operation for logging in the information management system exists or not, and if yes, recording login information related to the login operation and operation information after login;
and analyzing and determining the user behavior according to the operation information and the login information.
2. The monitoring method according to claim 1, wherein the operation information includes one or more of operation user information, operation times, operation contents; the operation content at least comprises file uploading information and/or downloading information and system data modification information;
and/or the login information comprises one or more of login times, login time, login IP address and login user identification.
3. The monitoring method according to claim 2, wherein the step of analyzing and determining the user behavior according to the operation record information and the login information comprises:
determining whether the login times of the user indicated by the same login user identification in a preset time period are greater than a first threshold value and whether the operation times are greater than a second threshold value; if yes, determining that the user behavior is abnormal;
or, determining whether the login time of the user indicated by the same operation user information and/or the login IP address is within a preset time period, and if so, determining whether the operation times within the preset time period are greater than a third threshold; if yes, determining that the user behavior is abnormal;
or, determining whether the operation content of the user indicated by the same operation user information and/or the login IP address occurs in a preset time period; and if so, determining that the user behavior is abnormal.
4. The monitoring method according to any one of claims 1 to 3, wherein the information management system comprises a plurality of different functional modules, and the method further comprises:
determining the use frequency of each functional module according to the operation information;
and judging whether the use frequency of each functional module is greater than a preset frequency threshold, if so, generating prompt information of the corresponding functional module, wherein the prompt information is used for indicating performance optimization of the functional module.
5. An information management system monitoring apparatus, characterized in that the monitoring apparatus comprises:
the monitoring and recording module is used for monitoring whether login operation for logging in the information management system exists or not, and if yes, logging information related to the login operation and operation information after login are recorded;
and the behavior analysis module is used for analyzing and determining the user behavior according to the operation information and the login information.
6. The monitoring device of claim 5, wherein the operation information comprises one or more of operation user information, operation IP address and operation content; and/or the login information at least comprises one or more of login time, login IP address and login user identification;
the operation content at least comprises file uploading information and/or downloading information and system data modification information.
7. The monitoring device of claim 6, wherein the behavior analysis module comprises:
the first determining submodule is used for determining whether the login times of the user indicated by the same login user identification in a preset time period are larger than a first threshold value and whether the operation times are larger than a second threshold value; if yes, determining that the user behavior is abnormal;
or, the second determining submodule is used for determining whether the login time of the user indicated by the same operation user information and/or the login IP address is within a preset time period, and if so, determining whether the operation times within the preset time period are greater than a third threshold; if yes, determining that the user behavior is abnormal;
or, the third determining submodule is used for determining whether the operation content of the user indicated by the same operation user information and/or the login IP address occurs in a preset time period; and if so, determining that the user behavior is abnormal.
8. The monitoring device according to any one of claims 5 to 7, wherein the information management system comprises a plurality of different functional modules, and the device further comprises:
the determining module is used for determining the use frequency of each functional module according to the operation information;
and the prompt module is used for judging whether the use frequency of each functional module is greater than a preset frequency threshold value, if so, generating prompt information of the corresponding functional module, and the prompt information is used for indicating performance optimization of the functional module.
9. A monitoring system of an information management system, comprising:
the first equipment is used for operating the information management system and monitoring whether login operation for logging in the information management system exists or not, and if yes, login information related to the login operation and operation information after login are recorded;
the second equipment is in communication connection with the first equipment and used for receiving and storing the operation information and the login information sent by the first equipment;
the first device is further configured to read the operation information and the login information from the second device, and analyze and determine a user behavior according to the operation information and the login information.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by at least one processor, carries out the steps of the method for monitoring an information management system according to any one of claims 1 to 4.
11. An electronic device, comprising:
a processor; and
a memory for storing executable instructions of the processor;
wherein the processor is configured to perform the steps of the information management system monitoring method of any one of claims 1 to 4 via execution of the executable instructions.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911019675.XA CN110825599A (en) | 2019-10-24 | 2019-10-24 | Information management system monitoring method, device, medium, electronic equipment and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911019675.XA CN110825599A (en) | 2019-10-24 | 2019-10-24 | Information management system monitoring method, device, medium, electronic equipment and system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN110825599A true CN110825599A (en) | 2020-02-21 |
Family
ID=69550551
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911019675.XA Pending CN110825599A (en) | 2019-10-24 | 2019-10-24 | Information management system monitoring method, device, medium, electronic equipment and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110825599A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113778832A (en) * | 2021-09-28 | 2021-12-10 | 京东方科技集团股份有限公司 | Device information processing method and device, readable storage medium and electronic device |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6711687B1 (en) * | 1998-11-05 | 2004-03-23 | Fujitsu Limited | Security monitoring apparatus based on access log and method thereof |
| CN104680070A (en) * | 2014-12-27 | 2015-06-03 | 宁波江东恒冠信息技术有限公司 | Method, device and system for managing files used by user |
| CN105068936A (en) * | 2015-09-18 | 2015-11-18 | 北京金山安全软件有限公司 | Method and device for testing stability of software |
| CN105471912A (en) * | 2015-12-31 | 2016-04-06 | 深圳市深信服电子科技有限公司 | Security defense method and system of monitoring system |
| US20180068099A1 (en) * | 2015-12-16 | 2018-03-08 | International Business Machines Corporation | Determine security access level based on user behavior |
| CN109067780A (en) * | 2018-09-17 | 2018-12-21 | 平安科技(深圳)有限公司 | Detection method, device, computer equipment and the storage medium of crawler user |
| CN109687991A (en) * | 2018-09-07 | 2019-04-26 | 平安科技(深圳)有限公司 | User behavior recognition method, apparatus, equipment and storage medium |
| CN109800589A (en) * | 2019-01-25 | 2019-05-24 | 深信服科技股份有限公司 | A kind of information security management and control method, system, device and readable storage medium storing program for executing |
| CN110083575A (en) * | 2019-04-11 | 2019-08-02 | 中国移动通信集团内蒙古有限公司 | Fulfilling monitoring method, device, equipment and computer readable storage medium |
-
2019
- 2019-10-24 CN CN201911019675.XA patent/CN110825599A/en active Pending
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6711687B1 (en) * | 1998-11-05 | 2004-03-23 | Fujitsu Limited | Security monitoring apparatus based on access log and method thereof |
| CN104680070A (en) * | 2014-12-27 | 2015-06-03 | 宁波江东恒冠信息技术有限公司 | Method, device and system for managing files used by user |
| CN105068936A (en) * | 2015-09-18 | 2015-11-18 | 北京金山安全软件有限公司 | Method and device for testing stability of software |
| US20180068099A1 (en) * | 2015-12-16 | 2018-03-08 | International Business Machines Corporation | Determine security access level based on user behavior |
| CN105471912A (en) * | 2015-12-31 | 2016-04-06 | 深圳市深信服电子科技有限公司 | Security defense method and system of monitoring system |
| CN109687991A (en) * | 2018-09-07 | 2019-04-26 | 平安科技(深圳)有限公司 | User behavior recognition method, apparatus, equipment and storage medium |
| CN109067780A (en) * | 2018-09-17 | 2018-12-21 | 平安科技(深圳)有限公司 | Detection method, device, computer equipment and the storage medium of crawler user |
| CN109800589A (en) * | 2019-01-25 | 2019-05-24 | 深信服科技股份有限公司 | A kind of information security management and control method, system, device and readable storage medium storing program for executing |
| CN110083575A (en) * | 2019-04-11 | 2019-08-02 | 中国移动通信集团内蒙古有限公司 | Fulfilling monitoring method, device, equipment and computer readable storage medium |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113778832A (en) * | 2021-09-28 | 2021-12-10 | 京东方科技集团股份有限公司 | Device information processing method and device, readable storage medium and electronic device |
| CN113778832B (en) * | 2021-09-28 | 2024-05-14 | 京东方科技集团股份有限公司 | Device information processing method and device, readable storage medium and electronic device |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20180183651A1 (en) | Content push method and server, and terminal | |
| CN112187799B (en) | Resource access policy generation method and device, storage medium and electronic equipment | |
| CN112019401B (en) | Internet of vehicles application safety testing method, device and system and electronic equipment | |
| US10362046B1 (en) | Runtime behavior of computing resources of a distributed environment | |
| US10216617B2 (en) | Automatically complete a specific software task using hidden tags | |
| US10936386B2 (en) | Method, device and computer program product for monitoring access request | |
| CN109995523B (en) | Activation code management method and device and activation code generation method and device | |
| CN112306802A (en) | Data acquisition method, device, medium and electronic equipment of system | |
| CN116305290A (en) | System log security detection method and device, electronic equipment and storage medium | |
| CN108647284B (en) | Method and device for recording user behavior, medium and computing equipment | |
| CN113138898B (en) | Method and device for identifying and early warning business system abnormity and electronic equipment | |
| CN110825599A (en) | Information management system monitoring method, device, medium, electronic equipment and system | |
| CN116566739B (en) | Security detection system, electronic equipment and storage medium | |
| CN110162982B (en) | Method and device for detecting illegal rights, storage medium and electronic equipment | |
| CN114641771A (en) | Cluster security based on virtual machine content | |
| US10171329B2 (en) | Optimizing log analysis in SaaS environments | |
| CN114116399B (en) | Monitoring method, device, equipment and medium for third party SDK in application | |
| CN115964701A (en) | Application security detection method and device, storage medium and electronic equipment | |
| CN107453937B (en) | Management method of network connection pool, network access method and related equipment | |
| CN111681093B (en) | Method and device for displaying resource page and electronic equipment | |
| CN113596066B (en) | Cloud service trial method and server | |
| CN111309311B (en) | Vulnerability detection tool generation method, device, equipment and readable storage medium | |
| CN110297639B (en) | Method and apparatus for detecting code | |
| CN113128943B (en) | Data quality monitoring method, device, electronic equipment and storage medium | |
| CN112486496A (en) | Method and equipment for generating and operating so file |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information | ||
| CB02 | Change of applicant information |
Address after: 100190 17-19 / F, building a 1, 66 Zhongguancun East Road, Haidian District, Beijing Applicant after: New Great Wall Technology Co.,Ltd. Address before: 100190 17-19 / F, building a 1, 66 Zhongguancun East Road, Haidian District, Beijing Applicant before: GREAT WALL COMPUTER SOFTWARE & SYSTEMS Inc. |