CN111162989A - Method and device for processing mail audit log - Google Patents
Method and device for processing mail audit log Download PDFInfo
- Publication number
- CN111162989A CN111162989A CN201911267084.4A CN201911267084A CN111162989A CN 111162989 A CN111162989 A CN 111162989A CN 201911267084 A CN201911267084 A CN 201911267084A CN 111162989 A CN111162989 A CN 111162989A
- Authority
- CN
- China
- Prior art keywords
- log
- audit
- file
- attachment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L51/00—User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
- H04L51/21—Monitoring or handling of messages
- H04L51/212—Monitoring or handling of messages using filtering or selective blocking
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/30—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
- H04L63/308—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information retaining data, e.g. retaining successful, unsuccessful communication attempts, internet access, or e-mail, internet telephony, intercept related information or call content
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L51/00—User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
- H04L51/42—Mailbox-related aspects, e.g. synchronisation of mailboxes
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Technology Law (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The application provides a method and a device for processing a mail audit log, wherein the method is applied to audit management equipment, the audit management equipment is used for storing the mail audit log from the audit equipment, and the mail audit log is generated by auditing mails sent by a mailbox client by the audit equipment; the method can comprise the following steps: receiving a query request aiming at the mail audit log; analyzing the log file contained in the mail audit log to obtain mail content and attachment description information; and under the condition that a first trigger instruction for the attachment description information is received, analyzing the log file to obtain an attachment file corresponding to the attachment description information so as to provide the attachment file for a user to download. According to the method and the device, only mail content and attachment description information with small data volume are analyzed when a user inquires, so that the inquiry waiting time of the user is relatively short.
Description
Technical Field
The present application relates to the field of data management technologies, and in particular, to a method and an apparatus for processing an email audit log.
Background
Conveying information through mails has become a conventional office mode for organizations such as government departments, enterprise units and the like, and correspondingly, in order to ensure that risk control is carried out on the mail information related to the organizations, the mails sent and received by the personnel in the organizations through mailboxes are usually required to be audited. For the mails sent and received by the client version mailbox, an audit log obtained by audit equipment needs to be saved in audit management equipment so as to be correspondingly processed by users such as audit staff or management staff.
In the related technology, when a user inquires a certain mail, the audit management equipment firstly analyzes the mail content, the attachment description information and the attachment content from the audit log of the mail, then stores the mail content, the attachment description information and the attachment content in the local storage equipment, and finally displays the mail content to the user; when the user selects to download the attachment content, the saved attachment content is provided for the user to download.
However, the data size of the attached file is usually large relative to the mail content and the attached file description information, so the processing method in the related art takes a long time for parsing, resulting in a long waiting time for the user query.
Disclosure of Invention
In view of the above, the present application provides a method and an apparatus for processing an email audit log to solve the problems in the related art.
In order to achieve the above purpose, the present application provides the following technical solutions:
according to a first aspect of the application, a method for processing a mail audit log is provided, which is applied to an audit management device, wherein the audit management device is used for storing the mail audit log from the audit device, and the mail audit log is generated by the audit device auditing a mail sent by a mailbox client; the method comprises the following steps:
receiving a query request aiming at the mail audit log;
analyzing the log file contained in the mail audit log to obtain mail content and attachment description information;
and under the condition that a first trigger instruction for the attachment description information is received, analyzing the log file to obtain an attachment file corresponding to the attachment description information so as to provide the attachment file for a user to download.
According to a second aspect of the present application, a device for processing a mail audit log is provided, which is applied to an audit management device, where the audit management device is configured to store the mail audit log from the audit device, and the mail audit log is generated by the audit device auditing a mail sent by a mailbox client; the device comprises:
the query request receiving unit is used for receiving a query request aiming at the mail audit log;
the mail content analyzing unit is used for analyzing the log file contained in the mail audit log so as to obtain the mail content and the attachment description information;
and the accessory file analyzing unit is used for analyzing the log file to obtain an accessory file corresponding to the accessory description information under the condition of receiving a first trigger instruction aiming at the accessory description information so as to provide the accessory file for a user to download.
According to a third aspect of the present application, there is provided an electronic device comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to implement the steps of the method according to any one of the aspects of the first aspect.
According to a fourth aspect of the present application, a computer-readable storage medium is proposed, on which computer instructions are stored, which instructions, when executed by a processor, carry out the steps of the method according to any one of the above-mentioned aspects of the first aspect.
According to the technical scheme, only the mail content and the attachment description information in the log file are analyzed when the user inquires, and the attachment file with relatively large data volume is not analyzed, so that the analysis time of the log file is greatly shortened, the inquiry waiting time of the user is further shortened, and the user experience is improved.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments or related technologies of the present application, the drawings needed to be used in the description of the embodiments or related technologies will be briefly described below, and it is obvious for those skilled in the art to obtain other drawings without any creative effort.
Fig. 1 is a schematic diagram of an architecture of a mail auditing system in the related art.
Fig. 2 is a flowchart illustrating a method for processing an email audit log according to an exemplary embodiment of the present application.
Fig. 3 is a flowchart illustrating another mail audit log processing method according to an exemplary embodiment of the present application.
Fig. 4 is a schematic structural diagram of an electronic device according to an exemplary embodiment of the present application.
Fig. 5 is a block diagram of a processing device for mail audit logs according to an exemplary embodiment of the present application.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application and the appended claims, the singular forms "a", "an", "the" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It is to be understood that although the terms first, second, third, etc. may be used herein to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, a first trigger operation may also be referred to as a second trigger operation, and similarly, a second trigger operation may also be referred to as a first trigger operation without departing from the scope of the present application. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
To ensure risk control of information transmitted and received by personnel in an organization, audit is usually performed on the processing mode and the transmission and reception system of the mails in the organization, and the audit generally comprises the audit of the mail content. In the related art, usually, an audit device audits the mail sent by the mailbox client, and sends the generated mail audit log to an audit management device, and the audit management device performs storage and corresponding management work. Fig. 1 is a schematic diagram of an architecture of a mail auditing system in the related art. As shown in fig. 1, the audit management device is connected to one or more audit devices, any audit device is connected to one mailbox server and a plurality of clients, and after some audit device audits the mail sent by a client to its corresponding mailbox server, the audit device sends the mail audit log generated by the audit to the audit management device, and the latter manages the mail accordingly.
In the related technology, when a user such as an auditor or a manager inquires a mail audit log through audit management equipment, the audit management equipment can analyze mail content and attachment description information from a log file corresponding to the mail audit log to display the mail content and the attachment description information, and store the attachment file analyzed at the same time in local storage equipment for the user to download. However, when a user queries the mail audit log, parsing the attachment file from the log file and saving the attachment file locally actually not only results in long waiting time, but also has little significance in saving: on one hand, for the mail carrying the attachment, the data volume of the attachment file is usually much larger than the data volume of the mail content and the attachment description information, so the method analyzes the attachment file while analyzing the mail content and the attachment description information in the log file, and the analyzing time is too long, which results in long waiting time of a user; on the other hand, users of the audit management device are usually managers or auditors, and the managers or auditors do not download the attachment files carried by the mails, so the attachment files saved by the processing method are not downloaded, and the meaning of parsing and saving is lost.
Therefore, based on the network architecture of the mail auditing system shown in fig. 1, the present application provides a technical solution for processing mail auditing logs, so as to solve the above-mentioned deficiencies in the related art. For further explanation of the present application, the following examples are provided. It is to be understood that the embodiments described are only a few embodiments of the present application and not all embodiments. All other embodiments that can be derived from the embodiments given herein by a person of ordinary skill in the art are intended to be within the scope of the present disclosure.
For ease of understanding, the technical solution of the present application is further explained below with reference to fig. 2. Fig. 2 is a flowchart illustrating a method for processing an email audit log according to an exemplary embodiment of the present application. The method can be applied to independent audit Management equipment, audit Management equipment in an audit system, and an enterprise Management platform such as a Unified Management Center (UMC). Specifically, when the method is applied to the UMC, the audit management device may be a certain device in the UMC, or the UMC server may perform the above-mentioned operation of the audit management device to complete the processing of the mail audit log.
The mail audit log processing method is applied to audit management equipment, the audit management equipment is used for storing the mail audit log from the audit equipment, and the mail audit log is generated by auditing mails sent by a mail box client side by the audit equipment. As shown in fig. 2, the method may include the steps of:
After one or more auditing devices connected with the auditing management device audits the mails sent to the mailbox server by the mailbox client connected with the auditing management device, the generated mail auditing logs are sent to the auditing management device, and the sending form of the mail auditing logs can be a message form, and can also be file data or other forms.
After receiving the mail audit log sent by the audit device, the audit management device firstly stores the mail audit log in a local storage device. In this embodiment, as an exemplary embodiment, the local storage device is located inside the audit management device and belongs to a part of the audit management device; as another exemplary embodiment, the local storage device is located outside the audit administration device, exists independently of the audit administration device, but has a data transmission channel with the audit administration device so as to complete a data transmission task between the two.
It will be appreciated that the mail audit log maintained in the local storage device includes a plurality of mail audit logs sent by one or more audit devices to which it is connected. In one embodiment, at least one part of stored mail audit logs are obtained, and log information contained in the obtained mail audit logs is displayed to a user; and under the condition that a second trigger instruction of the user for any log information is received, determining that a query request for the mail audit log corresponding to the log information is received.
In one embodiment, the audit management equipment is connected with one or more audit equipment, and establishes an incidence relation between log information contained in the received mail audit log and a log file based on the receiving time and a message quintuple under the condition that the audit management equipment receives the mail audit log sent by any audit equipment in a message form, then obtains at least a part of the stored mail audit log, and displays the log information contained in the obtained mail audit log to a user; in this case, analyzing the log file included in the mail audit log specifically includes: and acquiring a log file corresponding to any log information according to the association relation, and analyzing the acquired log file.
In another embodiment, the log information contained in the received mail audit log and the log file are stored in the local storage device as a whole, then at least one part of the stored mail audit log is obtained, and the log information contained in the obtained mail audit log is displayed to the user; in this case, analyzing the log file included in the mail audit log specifically includes: and acquiring a log file corresponding to any log information, and analyzing the acquired log file.
In the above two embodiments, the log information stored in the local storage device is stored in a log format, and the log file is stored in a file format.
In an embodiment, the log file is parsed to obtain an attachment file corresponding to the attachment description information, and then the attachment file is directly provided to the user for downloading through an output stream. It should be noted that "directly providing for user to download" here means: and for the analyzed attachment file, the attachment file is not stored in a local storage device, and the analyzed attachment file is provided for a user to download in an output stream form.
In another embodiment, the log file is analyzed to obtain an attachment file corresponding to the attachment description information; the attachment file is then saved in a local storage device to provide the attachment file for download to the user.
In addition, the log information referred to in the present application may include: the subject of the mail, the sending date of the mail, the sender and/or the receiver of the mail, etc.; the attachment description information related to the present application may include an attachment file name, an attachment file size, an attachment file format, and/or the like.
According to the technical scheme, when a user inquires the mail audit log, only mail content and attachment description information with small data volume are analyzed, and when the user needs to download the attachment file, the attachment file is analyzed, so that the data volume of first analysis is effectively reduced, the analysis time and the inquiry waiting time of the user are favorably reduced, and the user experience is effectively improved.
For easy understanding, the technical solution of the present application is described in detail below with reference to fig. 3. Fig. 3 is a flowchart illustrating another mail audit log processing method according to an exemplary embodiment of the present application. The method is applied to audit management equipment, wherein the audit management equipment is used for storing a mail audit log from the audit equipment, and the mail audit log is generated by auditing mails sent by a mailbox client by the audit equipment. It should be noted that, generally, the mails sent by the mailbox client can be divided into two types: the technical scheme of the application is mainly provided for the mails with the attachments and the mails without the attachments, but the mails without the attachments can be regarded as a special case, so that when the mails are processed, whether the mails corresponding to the mail audit logs carry the attachments or not should be actually judged. When the scheme of the application is applied to the mails which do not carry the attachments, all relevant steps related to the attachments are not executed, and other steps are appropriately modified, so that creative labor is not required for those skilled in the art, and the details of the application are not repeated. As shown in fig. 3, the method may include the steps of:
And after the auditing equipment audits the mail sent to the mailbox server by the mailbox client, generating a corresponding mail auditing log. Any mail audit log generated by the audit equipment can only correspond to one mail; the method can also correspond to a mail and an associated mail thereof, wherein the associated mail can be a reference mail, a forwarding mail and the like; of course, other combinations of mail quantities and forms are also possible, and this application is not limited in this respect.
And the audit equipment sends the generated mail audit log to the audit management equipment. In one embodiment, the audit device sends the mail audit log to the audit management device in the form of a message, and in the sending mode, the message is divided into two parts: log information and log files; the log information may include a message five-tuple (an original IP address, a destination IP address, a protocol type, a source port address, and a destination port address), a mail subject, a mail sender and/or a mail receiver, and the log file may include mail content, attachment information, an attachment file, and the like. In another embodiment, the audit device sends the mail audit log to the audit management device in the form of file data.
And after receiving the mail audit log sent by the audit equipment, storing the mail audit log in local storage equipment. The local storage device may take many forms, such as a local server hard drive, a magnetic disk, a database, or a portable storage device. Of course, there may be multiple forms of storage for different information in the mail audit log: in one embodiment, the log information and log files in the mail audit log are saved in a specific format in a local storage device. At this time, because the two parts of information are stored in the same format, the two parts of information can be stored adjacently without further data association, thereby facilitating data query.
In another embodiment, log information and log files in the mail audit log are stored in a local storage device in a specific format respectively, wherein the log information is stored in a log format, and the log files are stored in a file format; meanwhile, an incidence relation is established between log information contained in the received mail audit log and the log file based on the receiving time and the message quintuple. Correspondingly, the log file included in the mail audit log for subsequent analysis is specifically as follows: and acquiring a log file corresponding to any log information according to the association relation, and analyzing the acquired log file. The mail audit log is stored according to the association relationship, for the audit management equipment connected with one or more audit equipment, the log information and the log file contained in the mail audit log can be associated with each other according to the receiving time and the message quintuple, and meanwhile, the mail audit log and the corresponding audit equipment can be associated with each other, so that the traceability of the mail audit log is realized, a user can conveniently inquire the specific mail audit log, the user is allowed to search the sender audit equipment corresponding to the mail audit log, and the log management is facilitated.
Optionally, log information of the saved email audit log may be displayed. The specific display form may be a page display form, an entry display form, a tile display form, or the like, which is specifically referred to the display technology in the related art and is not described herein again.
Because the mail audit logs are usually stored in multiple numbers, log information of all mail audit logs can be sequentially displayed, and only log information of part of the mail audit logs in all the mail audit logs can be displayed: and acquiring at least one part of the stored mail audit log, and displaying log information contained in the acquired mail audit log to a user. In addition, the order display can be carried out according to the receiving time of the mail audit log; or displaying the email audit logs in sequence according to the preset email type priority of the email corresponding to each email audit log, wherein the email types may include: customer mail, internal mail, or automatic reply mail, etc.; or the contents can be displayed in sequence according to the position level of the mail sender, the whole size of the mail contents and the attachment and the like.
Because log information of any displayed mail audit log may include multiple information such as a message quintuple, a mail subject, a mail sender and/or a mail receiver, the multiple information can be subjected to importance sequencing and selectively displayed according to the sequence, and the multiple information can be displayed completely. However, it should be noted that the purpose of displaying the log information is to facilitate the user to visually obtain the basic situation of the mail audit log, so that the user can send a second trigger instruction for a certain mail audit log, and therefore, when the audit management device does not support the user to manually send the second trigger instruction, the step may not be executed.
And judging whether a second trigger instruction sent by the system at regular time or sent by the user aiming at the displayed log information is received. In an embodiment, a user sets that the audit management device sends out a second trigger instruction at one time or periodically, when the timing time is up, the timer sends out the second trigger instruction to the audit management device, where the second trigger instruction may be sent out for currently displayed log information or for log information meeting a preset condition.
In another embodiment, the audit management device executes step S302 to present log information to a user, and when the user is interested in a certain presented log information, sends a second trigger instruction for the log information to the audit management device. The second trigger instruction may be a click instruction of a mouse, for example, a user operates the mouse to click a displayed log information item; or selecting instructions for right-click menu options, such as a menu of log information items displayed by user triggering, and selecting detail display options in the menu; or click a preset area after selecting certain log information, for example, after a user selects a certain log information entry, a preset detail display button is triggered, and the like.
And under the condition that a second trigger instruction of the user for any log information is received, determining that a query request for a mail audit log corresponding to any log information is received. In the two embodiments, the second trigger instruction received by the audit management device is used to trigger the audit management device to parse the mail content and the attachment description information in the log file. When the audit management device determines that the second trigger instruction is received, the process proceeds to step 305; otherwise, under the condition that the audit management device does not judge that the second trigger instruction is received, continuing to wait for receiving.
And after judging that a second trigger instruction aiming at certain log information is received, the audit management equipment analyzes the log file corresponding to the log information so as to analyze the mail content and the attachment description information contained in the log file. The above-mentioned attachment description information may include the name of the attachment file, and may also include the name of the attachment file, the size of the attachment file, and/or the format of the attachment file.
After the audit management equipment receives a mail audit log sent by any audit equipment in a message form, under the condition that an association relation is established between log information and a log file contained in the received mail audit log based on the receiving time and a message quintuple, after a second trigger instruction aiming at certain log information is judged to be received, the log information corresponding to the second trigger instruction is determined, the log file corresponding to the log information is obtained according to the association relation, then the obtained log file is analyzed, and mail content and attachment description information are obtained from the log information.
And step 306, displaying the mail content and the attachment description information.
Optionally, after the mail content and the attachment description information included in the log file are obtained through analysis, the mail content and the attachment description information are displayed to the user. The specific display mode can be a popup display mode or a page jump display mode, and the like, and the display mode is not limited in the application.
And judging whether a first trigger instruction sent by a system or sent by a user aiming at the displayed accessory description information is received. In one embodiment, the audit management device is set to automatically send out a second trigger instruction for the attachment description information after the log file is analyzed to obtain the mail content and the attachment description information.
In another embodiment, the audit management device performs step S306 to display the mail content and the attachment description information to the user, and when the user is interested in an attachment of the displayed mail, sends a first trigger instruction for the attachment description information to the audit management device, where a specific form of the second trigger instruction is referred to as step 304, and details are not described here.
When a first trigger instruction sent by a user for any attachment description information is received, determining that a download request for an attachment corresponding to any attachment description information is received. In the two embodiments, the second trigger instruction received by the audit management device is used to trigger the audit management device to parse the attachment file in the log file. If the audit management device determines that the first trigger instruction is received, the process proceeds to step 308; otherwise, under the condition that the audit management device does not judge that the second trigger instruction is received, the audit management device continues to wait for receiving the first trigger instruction or other instructions.
And step 308, analyzing the log file to obtain an attachment file.
After judging that a first trigger instruction aiming at certain accessory description information is received, the audit management equipment analyzes the log file corresponding to the accessory description information so as to analyze the accessory file contained in the log file. For a specific analysis process, see step 305, which is not described herein again.
And after the audit management equipment analyzes the obtained attachment file, providing the attachment file for a user to download. In one embodiment, after the attachment file is obtained through analysis, the attachment file is directly provided for a user to download through an output stream. It should be noted that "directly providing for user to download" here means: and for the analyzed attachment file, the attachment file is not stored in a local storage device, and the analyzed attachment file is provided for a user to download in an output stream form. The file of the attachment obtained by analysis is not stored in the local storage device, but is directly provided for the user to download, so that the utilization rate of the local storage device is reduced, and the service life of the local storage device is prolonged. In another embodiment, after the attachment file is obtained through analysis, the attachment file is stored in the local storage device, and then the stored attachment file is provided for the user to download.
When the user downloads the accessory file, the storage position of the downloaded accessory file can be a storage device of the audit management device, and can also be a portable storage device externally connected with the audit management device, such as a mobile hard disk, a U disk, an optical disk or a storage unit of an electronic device.
Fig. 4 is a schematic structural diagram of an electronic device according to an exemplary embodiment of the present application. Referring to fig. 4, at the hardware level, the electronic device includes a processor 401, an internal bus 402, a network interface 403, a memory 404, and a non-volatile memory 405, but may also include hardware required for other services. The processor 401 reads a corresponding computer program from the nonvolatile memory 405 to the memory 404 and runs the computer program, and forms a processing device of the mail audit log on a logic level. Of course, besides the software implementation, the present application does not exclude other implementations, such as logic devices or a combination of software and hardware, and the like, that is, the execution subject of the following processing flow is not limited to each logic unit, and may also be hardware or logic devices.
Fig. 5 is a block diagram of a processing device for mail audit logs according to an exemplary embodiment of the present application. Referring to fig. 5, in a software implementation, the processing apparatus of the mail audit log is applied to an audit management device, where the audit management device is configured to store the mail audit log from the audit device, and the mail audit log is generated by the audit device auditing a mail sent by a mailbox client; the apparatus may include a query request receiving unit 501, a mail content parsing unit 502, and an attachment file parsing unit 503.
Wherein:
a query request receiving unit 501, configured to receive a query request for an email audit log;
an email content analyzing unit 502, configured to analyze a log file included in the email audit log to obtain email content and attachment description information;
the attachment file parsing unit 503 is configured to, when a first trigger instruction for the attachment description information is received, parse the log file to obtain an attachment file corresponding to the attachment description information, so as to provide the attachment file for a user to download.
Optionally, the attachment file parsing unit 503 is specifically configured to:
analyzing the log file to obtain an attachment file corresponding to the attachment description information;
and directly providing the attachment file for the user to download through an output stream.
Optionally, the query request receiving unit 501 is specifically configured to:
acquiring at least one part of stored mail audit logs, and displaying log information contained in the acquired mail audit logs to a user;
and under the condition that a second trigger instruction of the user for any log information is received, determining that a query request for a mail audit log corresponding to any log information is received.
Optionally, the audit management device is connected to one or more audit devices, and when receiving an email audit log sent by any one of the audit devices in a message form, the audit management device establishes an association relationship between log information contained in the received email audit log and a log file based on a receiving time and a message quintuple; the mail content analysis unit 502 is specifically configured to:
and acquiring a log file corresponding to any log information according to the incidence relation, and analyzing the acquired log file.
Optionally, the log information is stored in a log format, and the log file is stored in a file format.
Optionally, the log information includes at least one of: subject of the mail, date, sender of the mail, recipient of the mail.
Optionally, the accessory description information includes: a name of the attachment file.
The implementation process of the functions and actions of each unit in the device is detailed in the implementation process of the corresponding step in the method, and is not described herein again.
In a typical configuration, an electronic device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
For the above-mentioned apparatus embodiments, since they basically correspond to the method embodiments, reference may be made to the partial description of the method embodiments for relevant points. The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules can be selected according to actual needs to achieve the purpose of the scheme of the application. One of ordinary skill in the art can understand and implement it without inventive effort.
The above description is only exemplary of the present application and should not be taken as limiting the present application, as any modification, equivalent replacement, or improvement made within the spirit and principle of the present application should be included in the scope of protection of the present application.
Claims (10)
1. A processing method of mail audit logs is characterized in that the processing method is applied to audit management equipment, the audit management equipment is used for storing the mail audit logs from the audit equipment, and the mail audit logs are generated by auditing mails sent by a mailbox client by the audit equipment; the method comprises the following steps:
receiving a query request aiming at the mail audit log;
analyzing the log file contained in the mail audit log to obtain mail content and attachment description information;
and under the condition that a first trigger instruction for the attachment description information is received, analyzing the log file to obtain an attachment file corresponding to the attachment description information so as to provide the attachment file for a user to download.
2. The method according to claim 1, wherein the parsing the log file to obtain an attachment file corresponding to the attachment description information for providing to a user for downloading comprises:
analyzing the log file to obtain an attachment file corresponding to the attachment description information;
and directly providing the attachment file for the user to download through an output stream.
3. The method of claim 1, wherein receiving a query request for a mail audit log comprises:
acquiring at least one part of stored mail audit logs, and displaying log information contained in the acquired mail audit logs to a user;
and under the condition that a second trigger instruction of the user for any log information is received, determining that a query request for a mail audit log corresponding to any log information is received.
4. The method according to claim 3, wherein the audit management device is connected with one or more audit devices, and when receiving an email audit log sent by any audit device in a message form, the audit management device establishes an association relationship between log information and a log file contained in the received email audit log based on a receiving time and a message quintuple; the analyzing the log file contained in the mail audit log comprises:
and acquiring a log file corresponding to any log information according to the incidence relation, and analyzing the acquired log file.
5. The method of claim 3, wherein the log information is stored in a log format and the log file is stored in a file format.
6. The method of claim 3, wherein the log information comprises at least one of:
subject of the mail, date, sender of the mail, recipient of the mail.
7. The method of claim 1, wherein the attachment description information comprises: a name of the attachment file.
8. The processing device of the mail audit log is characterized by being applied to audit management equipment, wherein the audit management equipment is used for storing the mail audit log from the audit equipment, and the mail audit log is generated by auditing mails sent by a mail box client by the audit equipment; the device comprises:
the query request receiving unit is used for receiving a query request aiming at the mail audit log;
the mail content analyzing unit is used for analyzing the log file contained in the mail audit log so as to obtain the mail content and the attachment description information;
and the accessory file analyzing unit is used for analyzing the log file to obtain an accessory file corresponding to the accessory description information under the condition of receiving a first trigger instruction aiming at the accessory description information so as to provide the accessory file for a user to download.
9. An electronic device, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to implement the method of any one of claims 1-7.
10. A computer-readable storage medium having stored thereon computer instructions, which when executed by a processor, perform the steps of the method according to any one of claims 1-7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911267084.4A CN111162989A (en) | 2019-12-11 | 2019-12-11 | Method and device for processing mail audit log |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911267084.4A CN111162989A (en) | 2019-12-11 | 2019-12-11 | Method and device for processing mail audit log |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111162989A true CN111162989A (en) | 2020-05-15 |
Family
ID=70556997
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911267084.4A Pending CN111162989A (en) | 2019-12-11 | 2019-12-11 | Method and device for processing mail audit log |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111162989A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112000630A (en) * | 2020-08-28 | 2020-11-27 | 苏州浪潮智能科技有限公司 | Log storage method, device and equipment and readable storage medium |
| CN112214970A (en) * | 2020-10-20 | 2021-01-12 | 上海科越信息技术股份有限公司 | Customs declaration form filling method and device |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106776942A (en) * | 2016-11-30 | 2017-05-31 | 任子行网络技术股份有限公司 | A kind of transmission of network audit daily record preserves system and method |
| CN106850560A (en) * | 2016-12-26 | 2017-06-13 | 沈阳通用软件有限公司 | A kind of method that internet mail sends safely and audits |
| CN109542857A (en) * | 2018-11-26 | 2019-03-29 | 杭州迪普科技股份有限公司 | Audit log storage method, querying method, device and relevant device |
-
2019
- 2019-12-11 CN CN201911267084.4A patent/CN111162989A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106776942A (en) * | 2016-11-30 | 2017-05-31 | 任子行网络技术股份有限公司 | A kind of transmission of network audit daily record preserves system and method |
| CN106850560A (en) * | 2016-12-26 | 2017-06-13 | 沈阳通用软件有限公司 | A kind of method that internet mail sends safely and audits |
| CN109542857A (en) * | 2018-11-26 | 2019-03-29 | 杭州迪普科技股份有限公司 | Audit log storage method, querying method, device and relevant device |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112000630A (en) * | 2020-08-28 | 2020-11-27 | 苏州浪潮智能科技有限公司 | Log storage method, device and equipment and readable storage medium |
| CN112214970A (en) * | 2020-10-20 | 2021-01-12 | 上海科越信息技术股份有限公司 | Customs declaration form filling method and device |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7912913B2 (en) | Facilitating presentation and monitoring of electronic mail messages with reply by constraints | |
| US10841364B2 (en) | Using and comparing known and current activity states to determine receptiveness | |
| EP3061215B1 (en) | Conditional delivery of electronic messages | |
| CA2862876C (en) | Systems and methods for sharing data among multiple end user devices | |
| TWI479329B (en) | Method, article, and apparatus for automatic conversation techniques | |
| US20130066674A1 (en) | Marketplace for timely event data distribution | |
| US20070185746A1 (en) | Intelligent event adaptation mechanism for business performance monitoring | |
| US20070124396A1 (en) | Electronic mailing method, system and computer program | |
| US20070143424A1 (en) | Distribution list for a reply message | |
| US11171905B1 (en) | Request and delivery of additional data | |
| US20130007139A1 (en) | Logical thread management through email infrastructure | |
| US10062055B2 (en) | Locating previously communicated electronic messages | |
| CN111162989A (en) | Method and device for processing mail audit log | |
| WO2023051740A1 (en) | Communication session management method and apparatus | |
| CN102904801A (en) | Message alert method and device | |
| CN111311200B (en) | Management method and device for guest consultation work order platform | |
| US10972566B2 (en) | Systems and methods for electronic notification broadcasts | |
| US9477700B2 (en) | Data environment change notification | |
| US20080141168A1 (en) | Unified presentation of scattered message data | |
| US9647970B2 (en) | Sorting electronic mail | |
| US9542171B2 (en) | Managing an application modification process | |
| CN114422467A (en) | Customer service message management system and method | |
| CN104579921B (en) | Method and device for loading e-mail | |
| US20080313285A1 (en) | Post transit spam filtering | |
| US20060206446A1 (en) | Personal information manager and communications application providing dynamic contact communication history |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20200515 |
|
| RJ01 | Rejection of invention patent application after publication |