CN111475369A - Log monitoring adding method and device, computer equipment and storage medium - Google Patents

Log monitoring adding method and device, computer equipment and storage medium Download PDF

Info

Publication number
CN111475369A
CN111475369A CN202010150182.6A CN202010150182A CN111475369A CN 111475369 A CN111475369 A CN 111475369A CN 202010150182 A CN202010150182 A CN 202010150182A CN 111475369 A CN111475369 A CN 111475369A
Authority
CN
China
Prior art keywords
monitoring
log
target
item
template
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010150182.6A
Other languages
Chinese (zh)
Inventor
刘玲玲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Life Insurance Company of China Ltd
Original Assignee
Ping An Life Insurance Company of China Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Life Insurance Company of China Ltd filed Critical Ping An Life Insurance Company of China Ltd
Priority to CN202010150182.6A priority Critical patent/CN111475369A/en
Publication of CN111475369A publication Critical patent/CN111475369A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/3065Monitoring arrangements determined by the means or processing involved in reporting the monitored data
    • G06F11/3072Monitoring arrangements determined by the means or processing involved in reporting the monitored data where the reporting involves data filtering, e.g. pattern matching, time or event triggered, adaptive or policy-based reporting

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Quality & Reliability (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The embodiment of the application discloses a log monitoring adding method and device, computer equipment and a storage medium, and relates to the technical field of computer data processing. The method comprises the following steps: receiving a monitoring template submitted by a target user; identifying a monitoring template to obtain monitoring configuration information; generating a target monitoring item according to the monitoring configuration information; the scanning server inquires the currently running initial monitoring item, compares the target monitoring item with the initial monitoring item and judges whether the target monitoring item exists in the initial monitoring item; if not, establishing a log monitoring task based on the target monitoring item. According to the method, the interaction of the front end and the back end is realized by providing the monitoring template, the log monitoring task can be automatically established after the monitoring information is imported in batches by a user conveniently, a large number of monitoring items do not need to be added manually, the workload of the user is reduced, the repeated addition of the log monitoring task is prevented by checking the duplicate of the monitoring information, the waste of system resources is avoided, and the monitoring efficiency and the monitoring effectiveness are improved.

Description

Log monitoring adding method and device, computer equipment and storage medium
Technical Field
The present application relates to the technical field of computer data processing, and in particular, to a log monitoring adding method and apparatus, a computer device, and a storage medium.
Background
The log monitoring and maintenance is an important part of operation and maintenance work, various log monitoring platforms are provided in the field of operation and maintenance at present, and the log monitoring and maintenance platform is mainly used for accessing various service systems, monitoring system logs, helping operation and maintenance personnel to find system abnormality in a mail or telephone mode in time by configuring log monitoring information, and facilitating the operation and maintenance personnel to inquire required logs, count log data and the like. In order to acquire system abnormal information through log alarm in time, operation and maintenance personnel need to monitor all log contents needing attention by adding a large number of monitoring items, and meanwhile, the monitoring items also need to be effectively managed, so that accurate and efficient monitoring alarm is achieved.
The existing method for adding log monitoring basically introduces monitoring information for operation and maintenance personnel manually, and cannot effectively identify and duplicate the added monitoring information, so that part of repeated monitoring exists in a log system, the monitoring effectiveness is reduced, the probability of repeated alarming is increased, and the workload of the operation and maintenance personnel is increased.
Disclosure of Invention
The technical problem to be solved in the embodiments of the present application is to provide a method and an apparatus for adding log monitoring, a computer device, and a storage medium, so as to reduce the workload when log monitoring is established, and improve the monitoring efficiency and the monitoring effectiveness.
In order to solve the above technical problem, an embodiment of the present application provides an adding method for log monitoring, which adopts the following technical solutions:
an adding method of log monitoring comprises the following steps:
receiving a monitoring template submitted by a target user, wherein the monitoring template is completed by the target user;
identifying the content of the monitoring template to acquire monitoring configuration information in the monitoring template;
generating a target monitoring item according to the monitoring configuration information;
the scanning server inquires a currently running initial monitoring item to compare the target monitoring item with the initial monitoring item and judge whether the target monitoring item exists in the initial monitoring item;
and if the target monitoring item is confirmed not to exist in the initial monitoring item, establishing a log monitoring task based on the target monitoring item.
In order to solve the above technical problem, an embodiment of the present application further provides an adding device for log monitoring, which adopts the following technical solutions:
an adding apparatus of log monitoring, comprising:
the template receiving module is used for receiving a monitoring template submitted by a target user, and the monitoring template is filled by the target user;
the template identification module is used for identifying the content of the monitoring template so as to acquire monitoring configuration information in the monitoring template;
the monitoring item generating module is used for generating a target monitoring item according to the monitoring configuration information;
the monitoring and duplicate checking module is used for inquiring a currently running initial monitoring item by the scanning server so as to compare the target monitoring item with the initial monitoring item and judge whether the target monitoring item exists in the initial monitoring item;
and the task creating module is used for establishing a log monitoring task based on the target monitoring item if the target monitoring item is determined not to exist in the initial monitoring item.
In order to solve the above technical problem, an embodiment of the present application further provides a computer device, which adopts the following technical solutions:
a computer device comprising a memory and a processor, wherein the memory stores a computer program, and the processor executes the computer program to implement the steps of the log monitoring adding method according to any one of the above technical solutions.
In order to solve the above technical problem, an embodiment of the present application further provides a computer-readable storage medium, which adopts the following technical solutions:
a computer-readable storage medium, having stored thereon a computer program which, when being executed by a processor, carries out the steps of the log monitoring adding method according to any one of the preceding claims.
Compared with the prior art, the embodiment of the application mainly has the following beneficial effects:
the embodiment of the application discloses a method and a device for adding log monitoring, computer equipment and a storage medium, wherein the method for adding the log monitoring comprises the steps of receiving a monitoring template submitted by a target user; identifying the content of the monitoring template to acquire monitoring configuration information in the monitoring template; generating a target monitoring item according to the monitoring configuration information; the scanning server inquires the currently running initial monitoring item to compare the target monitoring item with the initial monitoring item and judge whether the target monitoring item exists in the initial monitoring item; and if the target monitoring item does not exist in the initial monitoring item, establishing a log monitoring task based on the target monitoring item. According to the method, the interaction of the front end and the back end is realized by providing the monitoring template, the log monitoring task can be automatically established after the monitoring information is imported in batches by a user conveniently, a large number of monitoring items do not need to be added manually, the workload of the user is reduced, the repeated addition of the log monitoring task is prevented by checking the duplicate of the monitoring information, the waste of system resources is avoided, and the monitoring efficiency and the monitoring effectiveness are improved.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings without creative efforts.
FIG. 1 is a diagram of an exemplary system architecture to which embodiments of the present application may be applied;
FIG. 2 is a flowchart of an embodiment of an adding method for log monitoring according to an embodiment of the present application;
FIG. 3 is a schematic structural diagram of an embodiment of an adding apparatus for log monitoring according to an embodiment of the present application;
fig. 4 is a schematic structural diagram of an embodiment of a computer device in an embodiment of the present application.
Detailed Description
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. The terminology used herein in the description of the present application is for the purpose of describing particular embodiments only and is not intended to be limiting of the application.
It is noted that the terms "comprises," "comprising," and "having" and any variations thereof in the description and claims of this application and the drawings described above are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those steps or elements listed, but may alternatively include other steps or elements not listed, or inherent to such process, method, article, or apparatus. In the claims, the description and the drawings of the specification of the present application, relational terms such as "first" and "second", and the like, may be used solely to distinguish one entity/action/object from another entity/action/object without necessarily requiring or implying any actual such relationship or order between such entities/actions/objects.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the application. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is explicitly and implicitly understood by one skilled in the art that the embodiments described herein can be combined with other embodiments.
In order to make the technical solutions of the present application better understood, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the relevant drawings in the embodiments of the present application.
As shown in fig. 1, the system architecture 100 may include a first terminal device 101, a second terminal device 102, a third terminal device 103, a network 104, and a server 105. The network 104 is used to provide a medium of communication links between the first terminal device 101, the second terminal device 102, the third terminal device 103 and the server 105. Network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few.
The user may use the first terminal device 101, the second terminal device 102 and the third terminal device 103 to interact with the server 105 through the network 104 to receive or send messages or the like. Various communication client applications, such as a web browser application, a shopping application, a search application, an instant messaging tool, a mailbox client, social platform software, and the like, may be installed on the first terminal device 101, the second terminal device 102, and the third terminal device 103.
The first terminal device 101, the second terminal device 102, and the third terminal device 103 may be various electronic devices having a display screen and supporting web browsing, including but not limited to a smart phone, a tablet computer, an e-book reader, an MP3 player (Moving Picture Experts Group Audio L layer III, motion Picture Experts compression standard Audio layer 3), an MP4 player (Moving Picture Experts Group Audio L layer IV, motion Picture Experts compression standard Audio layer 4), a laptop portable computer, a desktop computer, and the like.
The server 105 may be a server that provides various services, such as a background server that provides support for pages displayed on the first terminal apparatus 101, the first terminal apparatus 102, and the third terminal apparatus 103.
It should be noted that the log monitoring adding method provided in the embodiment of the present application is generally executed by a server/terminal device, and accordingly, the log monitoring adding device is generally disposed in the server/terminal device.
It should be understood that the number of terminal devices, networks, and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
With continuing reference to FIG. 2, a flowchart of one embodiment of an add-on method of log monitoring described in an embodiment of the present application is shown. The log monitoring adding method comprises the following steps:
step 201: receiving a monitoring template submitted by a target user, wherein the monitoring template is completed by the target user.
In the process of log monitoring and maintenance work, if a new monitoring item needs to be added, a related monitoring template is filled in the front end of a server of a log monitoring platform, the monitoring template is submitted as feedback information after the filling is completed, and the back end of the server conducts further processing after the monitoring template is imported. When filling in the monitoring template, the target user can fill in configuration information about a plurality of monitoring items at one time so as to realize batch import.
In some embodiments of the present application, before step 201, the adding method of log monitoring further includes:
receiving a calling instruction of a preset monitoring template, wherein the template calling instruction indicates the type of the monitoring template to be called;
sending a monitoring template of a specified type in response to the calling instruction;
the step of receiving the monitoring template feedback information submitted by the target user in step 201 includes:
receiving a submission request of a target user for the monitoring template;
judging whether the monitoring template is filled completely;
and if so, importing the monitoring template submitted by the target user in response to the submission request.
Different types of monitoring templates are preset in the log monitoring platform, and when a target user operates in a front-end interface of the platform, after the type of the monitoring template to be called is set, a calling instruction of the monitoring template is sent to the server rear end through the server front end. And after receiving the calling instruction, the rear end of the server calls out the corresponding monitoring template from the database according to the calling instruction and sends the monitoring template to the front-end user interface, so that a user can conveniently fill in monitoring configuration information.
The method comprises the steps that a target user fills a monitoring template in a front-end user interface according to current monitoring requirements, the filled monitoring template is submitted from the front-end user interface as monitoring template feedback information, after the rear end of a server receives a submitting request of the target user, whether the monitoring template has related operation and maintenance authority and whether the monitoring template is filled completely are judged by identifying the user authority of the target user, if yes, the monitoring template submitted by the target user is led into the rear end in response to the submitting request, and therefore simple authority control is conducted, and the error rate of identification after the template is led in is reduced.
In this embodiment of the application, an electronic device (for example, the server/terminal device shown in fig. 1) on which the log monitoring adding method operates may receive the monitoring template submitted by the target user through a wired connection manner or a wireless connection manner. It should be noted that the wireless connection means may include, but is not limited to, a 3G/4G connection, a WiFi connection, a bluetooth connection, a WiMAX connection, a Zigbee connection, a uwb (ultra wideband) connection, and other wireless connection means now known or developed in the future.
Step 202: and identifying the content of the monitoring template to acquire monitoring configuration information in the monitoring template.
When filling in the monitoring template, the target user can perform custom editing under different configuration items of the monitoring template according to the current monitoring requirement, and the filled content may include other data information, such as identification information related to the target user, besides the monitoring configuration information. After the server acquires the monitoring template filled by the target user from the back end, the server can quickly acquire the relevant monitoring configuration information by identifying the content in the monitoring template.
In a specific implementation manner of the embodiment of the present application, the project parameters to be configured in the monitoring template include: monitoring system, monitoring item index, monitoring keyword, monitoring frequency, alarm receiving mode and alarm receiver. The above parameters all belong to monitoring configuration information, wherein the monitoring system is understood as an object server to be monitored, generally a current server; the monitoring index is an index to be monitored, such as memory usage, whether network connection timeout occurs or not, network connection timeout time/times, busy thread number and the like; the monitoring keyword can be understood as a keyword printed in a log when a system monitors a certain monitoring index, so as to mark and represent monitoring content related to the monitoring index.
Step 203: and generating a target monitoring item according to the monitoring configuration information.
The monitoring configuration information is essentially data information of a plurality of configuration items related to the establishment of the monitoring task in the monitoring template. By way of example, in some embodiments of the present application, as described in conjunction with the foregoing detailed description, when generating the target monitoring item, the target monitoring item is mainly based on the following items in the monitoring configuration information: monitoring system, monitoring item index, monitoring keyword, monitoring frequency, alarm receiving mode and alarm receiver.
Further understanding the generated target monitoring item: when the log monitoring platform runs the monitoring task, regarding the target monitoring item, taking the monitoring item index under the monitoring system as the monitoring content under the monitoring frequency, taking the monitoring keyword in the monitoring log generated thereby as the monitoring object, and notifying based on the alarm receiving mode and the alarm receiver when the related alarm is generated.
Step 204: the scanning server inquires the currently running initial monitoring item to compare the target monitoring item with the initial monitoring item and judge whether the target monitoring item exists in the initial monitoring item.
If the generated target monitoring item conflicts with the established log monitoring task, establishing a new log monitoring task for the target monitoring item wastes system resources and affects monitoring efficiency, so that duplicate checking needs to be carried out on the target monitoring item to judge whether the target monitoring item is the new log monitoring task or not, and repeated addition of monitoring is prevented.
The method comprises the steps of inquiring and acquiring an initial monitoring item which is currently operated by scanning monitoring information stored in a server database of a log monitoring platform, comparing a target monitoring item with the initial monitoring item, and judging whether the target monitoring item exists in the initial monitoring item, so as to determine whether the target monitoring item is a new log monitoring task.
In some embodiments of the present application, the step 204 comprises:
reading basic monitoring configuration items, identifying the basic monitoring configuration items in the target monitoring items to obtain a first comparison item, and identifying the basic monitoring configuration items in the initial monitoring items to obtain a second comparison item;
and judging whether the target monitoring item is repeated with the items in the initial monitoring item or not by sequentially comparing the parameter values of the first comparison item and the second comparison item.
And in the monitoring configuration information associated with the monitoring items, recording the items used for judging whether the monitoring items are repeated as basic monitoring configuration items. And respectively matching monitoring configuration information associated with the target monitoring item and the initial monitoring item according to the basic monitoring configuration item, and respectively acquiring a first comparison item and a second comparison item.
And comparing the parameter values of the first comparison item and the second comparison item, so that whether the corresponding target monitoring item and the initial monitoring item belong to repeated log monitoring tasks can be conveniently judged. If the parameter values of the first comparison item and the second comparison item are the same, the target monitoring item is repeated with a certain item in the initial monitoring item and exists in the initial monitoring item.
Further, the adding method of log monitoring further includes: and if the target monitoring item is judged to be repeated with the items in the initial monitoring item, updating the initial monitoring item matched with the target monitoring item based on the monitoring configuration information of the target monitoring item judged to be repeated.
And judging that the target monitoring item exists in the initial monitoring item according to the basic monitoring configuration item, but except the basic monitoring configuration item, other monitoring configuration information of the target monitoring item may be different from the initial monitoring item which is judged to be repeated, and updating the current monitoring task according to the latest monitoring configuration information so as to keep the initial monitoring item to meet the current monitoring requirement.
In one embodiment of the present application, the basic monitoring configuration item includes: monitoring system, monitoring item index, monitoring keyword, monitoring frequency and the like. Besides the basic monitoring configuration items, the monitoring configuration information further includes: alarm receiving mode and alarm receiver. It can be understood that when the initial monitoring item is updated, the parameter values of the items other than the basic monitoring configuration item in the monitoring configuration information, such as the alarm receiving mode and the alarm receiver, are updated.
Step 205: and if the target monitoring item is confirmed not to exist in the initial monitoring item, establishing a monitoring task based on the target monitoring item.
If the target monitoring item does not exist in the initial monitoring item, the target monitoring item is represented to belong to a new monitoring task, so that the monitoring task based on the target monitoring item is newly added in the server, and the log monitoring is executed through the initial monitoring item and the target monitoring item. Therefore, interaction of the front end and the back end of the log monitoring platform and batch import of monitoring items are realized through the steps, and corresponding monitoring tasks are established after duplicate checking and duplicate removal are carried out on monitoring information, so that waste of system resources is avoided, and monitoring efficiency is improved.
In some embodiments of the present application, after step 205, the adding method of log monitoring further includes:
setting a monitoring period and reading a preset abnormal log keyword set, wherein the abnormal log keyword set comprises a plurality of abnormal log keywords;
acquiring a monitoring log in the monitoring period;
counting the occurrence times of each abnormal log keyword in the monitoring log;
and if the occurrence frequency of the abnormal log keywords is greater than a preset alarm threshold, generating an alarm message based on the abnormal log keywords and sending the alarm message to a target user.
The abnormal log keywords refer to keywords printed in the log by the log monitoring platform when a certain kind of abnormal conditions or errors occur, and different errors correspond to different abnormal keywords. If the connection timeout is detected, the log monitoring platform prints out the log content containing "connection timeout" to indicate that an error of connection timeout occurs. The server database stores a set of abnormal log keywords, namely a log keyword set.
The method comprises the steps of distinguishing whether a system error corresponding to an abnormal log keyword belongs to a normal error or an abnormal error by counting the occurrence frequency of the abnormal log keyword in a set monitoring period, judging the system error to be the abnormal error if the occurrence frequency is larger than a certain numerical value, and generating an alarm message to be sent to a target user for prompt in time.
In a specific embodiment, the log monitoring adding method further includes:
if the occurrence frequency of the abnormal log keywords is greater than a preset alarm threshold value, identifying monitoring configuration information corresponding to the target monitoring item and the initial monitoring item based on the abnormal log keywords, and judging whether log monitoring tasks matched with the abnormal log keywords exist or not;
and if the log monitoring task matched with the abnormal log keyword does not exist, establishing a new log monitoring task based on the abnormal log keyword.
When the occurrence frequency of the abnormal log keywords is more than a certain numerical value, the abnormal errors occur in the system, and whether the log monitoring task in the current system server is obviously missed is judged by identifying whether a monitoring item for monitoring the abnormal errors exists in the existing monitoring task or receiving an alarm message about the abnormal errors. If the log monitoring task for monitoring the abnormal errors is absent in the system, the monitoring item based on the abnormal log keyword is automatically added according to the mode of adding the monitoring item by the similar keyword, so that a new log monitoring task is established, the monitoring loophole is complemented, and the monitoring safety and reliability are improved.
Further, after the step of establishing a new log monitoring task based on the abnormal log keyword, the log monitoring adding method further includes:
receiving a target abnormal keyword and a target time interval;
calling a target log monitoring task matched with the target abnormal keyword;
acquiring the alarm level of the target abnormal keyword in the target log monitoring task, a first level threshold and a second level threshold matched with a preset intelligent adjusting instruction, and the average monitoring frequency of the target abnormal keyword in the target time interval;
identifying a preset alarm threshold value matched with the alarm level of the target abnormal keyword;
comparing the average monitoring frequency with the alarm threshold value;
if the average monitoring frequency is smaller than the alarm threshold value and the alarm level is larger than or equal to the first level threshold value, activating a preset intelligent adjusting instruction to adjust the alarm threshold value to the average monitoring frequency;
and if the average monitoring frequency is greater than the alarm threshold and the alarm level is less than or equal to the second level threshold, activating a preset intelligent adjusting instruction to adjust the alarm threshold to the average monitoring frequency.
When monitoring and alarming are carried out after a log monitoring task is established by a log system, for some monitoring information, if the monitoring frequency is greater than an alarm threshold, a server can automatically generate alarm information for alarming, but actually, the monitoring frequency often does not reach the normal alarm threshold, so that normal alarming cannot be carried out, or the monitoring frequency always exceeds the alarm threshold, so that the alarming is too frequent. Therefore, intelligent adjustment and optimization of the alarm threshold are sometimes required to ensure the timeliness of the alarm and effectively control the number of alarms.
The alarm levels corresponding to the alarm messages of the log monitoring task can be generally divided into five levels of debug, info, war, error and false according to the importance degree of the alarm messages from low to high, and the alarm threshold value of the alarm messages with high alarm level and the alarm messages with low alarm level can be adjusted by adopting different adjustment schemes.
The intelligent adjusting instruction is preset in the server, and the activating condition of the intelligent adjusting instruction is set, namely the magnitude relation between the alarm level and the level threshold. During specific adjustment, determining a target abnormal keyword to be monitored and a target time interval, and comparing the average monitoring frequency with the alarm threshold after acquiring the alarm threshold of the target abnormal keyword and the average monitoring frequency in the target time interval.
If the average monitoring frequency is less than the alarm threshold, the occurrence frequency of the monitored target abnormal keywords in the system is generally difficult to reach the degree of activating the alarm, but the alarm level is high enough and belongs to a more important monitoring project, and at this moment, the alarm threshold can be adjusted to be lower, and the average monitoring frequency is adjusted to be the average monitoring frequency so as to timely send an alarm to the operation and maintenance personnel to remind the operation and maintenance personnel of finding a problem. If the average monitoring frequency is greater than the alarm threshold, the occurrence frequency of the monitored target abnormal keywords in the system can easily meet the condition of activating the alarm, but the alarm level is lower and belongs to a less important monitoring item, and at the moment, the alarm threshold can be adjusted upwards to be the average monitoring frequency so as to reduce the number of alarms sent to operation and maintenance personnel.
According to the log monitoring adding method, the interaction of the front end and the back end is realized by providing the monitoring template, a user can conveniently and automatically establish log monitoring tasks after the monitoring information is imported in batches, a large number of monitoring items do not need to be added manually, the workload of the user is reduced, the repeated addition of the log monitoring tasks is prevented by checking the monitoring information, the waste of system resources is avoided, and the monitoring efficiency and the monitoring effectiveness are improved.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and can include the processes of the embodiments of the methods described above when the computer program is executed. The storage medium may be a non-volatile storage medium such as a magnetic disk, an optical disk, a Read-Only Memory (ROM), or a Random Access Memory (RAM).
It should be understood that, although the steps in the flowcharts of the figures are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not performed in the exact order shown and may be performed in other orders unless explicitly stated herein. Moreover, at least a portion of the steps in the flow chart of the figure may include multiple sub-steps or multiple stages, which are not necessarily performed at the same time, but may be performed at different times, which are not necessarily performed in sequence, but may be performed alternately or alternately with other steps or at least a portion of the sub-steps or stages of other steps.
With further reference to fig. 3, fig. 3 shows a schematic structural diagram of an embodiment of an adding apparatus for log monitoring described in the embodiment of the present application. As an implementation of the method shown in fig. 2, the present application provides an embodiment of an adding apparatus for log monitoring, where the embodiment of the apparatus corresponds to the embodiment of the method shown in fig. 2, and the apparatus may be specifically applied to various electronic devices.
As shown in fig. 3, the adding device for log monitoring in this embodiment includes:
a template receiving module 301; the monitoring template is used for receiving a monitoring template submitted by a target user, and the monitoring template is completed by the target user.
A template identification module 302; the monitoring template is used for identifying the content of the monitoring template so as to acquire monitoring configuration information in the monitoring template.
A monitoring item generation module 303; and generating a target monitoring item according to the monitoring configuration information.
A monitor check module 304; the scanning server is used for inquiring the currently running initial monitoring item, comparing the target monitoring item with the initial monitoring item and judging whether the target monitoring item exists in the initial monitoring item.
A task creation module 305; and if the target monitoring item is not determined to exist in the initial monitoring item, establishing a log monitoring task based on the target monitoring item.
In some embodiments of the present application, the log monitoring adding device further includes: and a template sending module. The template sending module is used for receiving a calling instruction of a preset monitoring template and sending the monitoring template of a specified type in response to the calling instruction, wherein the template calling instruction indicates the type of the monitoring template to be called. The template receiving module 301 is further configured to receive a submission request of a target user for the monitoring template; judging whether the monitoring template is filled completely; and if so, importing the monitoring template submitted by the target user in response to the submission request.
In some embodiments of the present application, the monitoring and reviewing module 304 is further configured to read basic monitoring configuration items, identify a basic monitoring configuration item in the target monitoring item to obtain a first comparison item, and identify a basic monitoring configuration item in the initial monitoring item to obtain a second comparison item; and judging whether the target monitoring item is repeated with the items in the initial monitoring item or not by sequentially comparing the parameter values of the first comparison item and the second comparison item.
Further, the monitoring duplication checking module 304 is further configured to update the initial monitoring item matched with the target monitoring item based on the monitoring configuration information of the target monitoring item determined to be duplicated if it is determined that the target monitoring item is duplicated with the item in the initial monitoring item.
In some embodiments of the present application, the log monitoring adding device further includes: and a log monitoring and alarming module. The log monitoring and warning module is used for setting a monitoring period and reading a preset abnormal log key word set, wherein the abnormal log key subset comprises a plurality of abnormal log key words; acquiring a monitoring log in the monitoring period; counting the occurrence times of each abnormal log keyword in the monitoring log; and if the occurrence frequency of the abnormal log keywords is greater than a preset alarm threshold, generating an alarm message based on the abnormal log keywords and sending the alarm message to a target user.
In a specific embodiment, if the occurrence frequency of the abnormal log keyword is greater than a preset alarm threshold, the monitoring and duplication checking module 304 is further configured to identify, based on the abnormal log keyword, monitoring configuration information corresponding to the target monitoring item and the initial monitoring item, and determine whether a log monitoring task matching the abnormal log keyword already exists; if there is no log monitoring task matching the abnormal log keyword, a new log monitoring task is established based on the abnormal log keyword through the task creating module 305.
Further, the adding device for log monitoring further includes: and an alarm adjusting module. The alarm adjusting module is used for receiving a target abnormal keyword and a target time interval; calling a target log monitoring task matched with the target abnormal keyword; acquiring the alarm level of the target abnormal keyword in the target log monitoring task, a first level threshold and a second level threshold matched with a preset intelligent adjusting instruction, and the average monitoring frequency of the target abnormal keyword in the target time interval; identifying a preset alarm threshold value matched with the alarm level of the target abnormal keyword; comparing the average monitoring frequency with the alarm threshold value; if the average monitoring frequency is smaller than the alarm threshold value and the alarm level is larger than or equal to the first level threshold value, activating a preset intelligent adjusting instruction to adjust the alarm threshold value to the average monitoring frequency; and if the average monitoring frequency is greater than the alarm threshold and the alarm level is less than or equal to the second level threshold, activating a preset intelligent adjusting instruction to adjust the alarm threshold to the average monitoring frequency.
The adding device for log monitoring realizes front-end and back-end interaction by providing the monitoring template, can facilitate users to automatically establish log monitoring tasks after leading in monitoring information in batches, does not need to manually add a large number of monitoring items, reduces the workload of the users, prevents log monitoring tasks from being repeatedly added by checking the monitoring information, avoids wasting system resources, and improves the monitoring efficiency and the monitoring effectiveness.
In order to solve the technical problem, an embodiment of the present application further provides a computer device. Referring to fig. 4, fig. 4 is a block diagram of a basic structure of a computer device according to the present embodiment.
The computer device 6 comprises a memory 61, a processor 62, a network interface 63 communicatively connected to each other via a system bus. It is noted that only a computer device 6 having components 61-63 is shown, but it is understood that not all of the shown components are required to be implemented, and that more or fewer components may be implemented instead. As will be understood by those skilled in the art, the computer device is a device capable of automatically performing numerical calculation and/or information processing according to a preset or stored instruction, and the hardware includes, but is not limited to, a microprocessor, an Application Specific Integrated Circuit (ASIC), a Programmable Gate Array (FPGA), a Digital Signal Processor (DSP), an embedded device, and the like.
The computer device can be a desktop computer, a notebook, a palm computer, a cloud server and other computing devices. The computer equipment can carry out man-machine interaction with a user through a keyboard, a mouse, a remote controller, a touch panel or voice control equipment and the like.
The memory 61 includes at least one type of readable storage medium including a flash memory, a hard disk, a multimedia card, a card type memory (e.g., SD or DX memory, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a Read Only Memory (ROM), an Electrically Erasable Programmable Read Only Memory (EEPROM), a Programmable Read Only Memory (PROM), a magnetic memory, a magnetic disk, an optical disk, etc. In some embodiments, the memory 61 may be an internal storage unit of the computer device 6, such as a hard disk or a memory of the computer device 6. In other embodiments, the memory 61 may also be an external storage device of the computer device 6, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a flash Card (FlashCard), and the like, which are provided on the computer device 6. Of course, the memory 61 may also comprise both an internal storage unit of the computer device 6 and an external storage device thereof. In this embodiment, the memory 61 is generally used for storing an operating system installed in the computer device 6 and various application software, such as program codes of an adding method of log monitoring. Further, the memory 61 may also be used to temporarily store various types of data that have been output or are to be output.
The processor 62 may be a Central Processing Unit (CPU), controller, microcontroller, microprocessor, or other data Processing chip in some embodiments. The processor 62 is typically used to control the overall operation of the computer device 6. In this embodiment, the processor 62 is configured to execute the program code stored in the memory 61 or process data, for example, execute the program code of the log monitoring adding method.
The network interface 63 may comprise a wireless network interface or a wired network interface, and the network interface 63 is typically used for establishing a communication connection between the computer device 6 and other electronic devices.
The computer equipment provided by the embodiment of the application realizes front-end and back-end interaction by providing the monitoring template when the log monitoring is added by executing the computer program stored in the memory through the processor, can be convenient for a user to automatically establish the log monitoring task after the monitoring information is imported in batches, does not need to manually add a large number of monitoring items, reduces the workload of the user, and prevents repeated addition of the log monitoring task by checking the monitoring information, thereby avoiding wasting system resources and improving the effectiveness of monitoring efficiency and monitoring.
The present application further provides another embodiment, which is to provide a computer-readable storage medium storing a log monitoring adding program, where the log monitoring adding program is executable by at least one processor to cause the at least one processor to execute the steps of the log monitoring adding method as described above.
The calculating and storing medium provided by the embodiment of the application realizes front-end and back-end interaction by providing the monitoring template when executing the log monitoring added to the stored computer program, can be convenient for a user to automatically establish log monitoring tasks after the monitoring information is imported in batches, does not need to manually add a large number of monitoring items, reduces the workload of the user, and prevents repeated log monitoring tasks from being added by checking the monitoring information, thereby avoiding wasting system resources and improving the monitoring efficiency and the monitoring effectiveness.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present application may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (such as a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present application.
In the above embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the modules is merely a logical division, and other divisions may be realized in practice, for example, a plurality of modules or components may be combined or integrated into another system, or some features may be omitted, or not executed.
The modules or components may or may not be physically separate, and the components shown as modules or components may or may not be physical modules, may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules or components can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
The present application is not limited to the above-mentioned embodiments, the above-mentioned embodiments are preferred embodiments of the present application, and the present application is only used for illustrating the present application and not for limiting the scope of the present application, it should be noted that, for a person skilled in the art, it is still possible to make several improvements and modifications to the technical solutions described in the foregoing embodiments or to make equivalent substitutions for some technical features without departing from the principle of the present application. All equivalent structures made by using the contents of the specification and the drawings of the present application can be directly or indirectly applied to other related technical fields, and the same should be considered to be included in the protection scope of the present application.
It is to be understood that the above-described embodiments are merely illustrative of some, but not restrictive, of the broad invention, and that the appended drawings illustrate preferred embodiments of the invention and do not limit the scope of the invention. This application is capable of embodiments in many different forms and is provided for the purpose of enabling a thorough understanding of the disclosure of the application. Although the present application has been described in detail with reference to the foregoing embodiments, it will be apparent to one skilled in the art that the present application may be practiced without modification or with equivalents of some of the features described in the foregoing embodiments. All other embodiments that can be obtained by a person skilled in the art based on the embodiments in this application without any creative effort and all equivalent structures made by using the contents of the specification and the drawings of this application can be directly or indirectly applied to other related technical fields and are within the scope of protection of the present application.

Claims (10)

1. An adding method of log monitoring is characterized by comprising the following steps:
receiving a monitoring template submitted by a target user, wherein the monitoring template is completed by the target user;
identifying the content of the monitoring template to acquire monitoring configuration information in the monitoring template;
generating a target monitoring item according to the monitoring configuration information;
the scanning server inquires a currently running initial monitoring item to compare the target monitoring item with the initial monitoring item and judge whether the target monitoring item exists in the initial monitoring item;
and if the target monitoring item is confirmed not to exist in the initial monitoring item, establishing a log monitoring task based on the target monitoring item.
2. The log monitoring adding method according to claim 1, wherein before the step of receiving monitoring template feedback information submitted by a target user, the method further comprises:
receiving a calling instruction of a preset monitoring template, wherein the template calling instruction indicates the type of the monitoring template to be called;
sending a monitoring template of a specified type in response to the calling instruction;
the step of receiving the monitoring template feedback information submitted by the target user comprises the following steps:
receiving a submission request of a target user for the monitoring template;
judging whether the monitoring template is filled completely;
and if so, importing the monitoring template submitted by the target user in response to the submission request.
3. The log monitoring adding method according to claim 1, wherein the step of comparing the target monitoring item with the initial monitoring item and determining whether the target monitoring item already exists in the initial monitoring item comprises:
reading basic monitoring configuration items, identifying the basic monitoring configuration items in the target monitoring items to obtain a first comparison item, and identifying the basic monitoring configuration items in the initial monitoring items to obtain a second comparison item;
and judging whether the target monitoring item is repeated with the items in the initial monitoring item or not by sequentially comparing the parameter values of the first comparison item and the second comparison item.
4. The log monitoring addition method as recited in claim 3, wherein the method further comprises:
and if the target monitoring item is judged to be repeated with the items in the initial monitoring item, updating the initial monitoring item matched with the target monitoring item based on the monitoring configuration information of the target monitoring item judged to be repeated.
5. The log monitoring adding method according to claim 1, wherein after the step of establishing a log monitoring task based on the target monitoring item, the method further comprises:
setting a monitoring period and reading a preset abnormal log keyword set, wherein the abnormal log keyword set comprises a plurality of abnormal log keywords;
acquiring a monitoring log in the monitoring period;
counting the occurrence times of each abnormal log keyword in the monitoring log;
and if the occurrence frequency of the abnormal log keywords is greater than a preset alarm threshold, generating an alarm message based on the abnormal log keywords and sending the alarm message to a target user.
6. The log monitoring addition method as recited in claim 5, wherein the method further comprises:
if the occurrence frequency of the abnormal log keywords is greater than a preset alarm threshold value, identifying monitoring configuration information corresponding to the target monitoring item and the initial monitoring item based on the abnormal log keywords, and judging whether log monitoring tasks matched with the abnormal log keywords exist or not;
and if the log monitoring task matched with the abnormal log keyword does not exist, establishing a new log monitoring task based on the abnormal log keyword.
7. The log monitoring adding method according to claim 6, wherein after the step of establishing a new log monitoring task based on the abnormal log keyword, the method further comprises:
receiving a target abnormal keyword and a target time interval;
calling a target log monitoring task matched with the target abnormal keyword;
acquiring the alarm level of the target abnormal keyword in the target log monitoring task, a first level threshold and a second level threshold matched with a preset intelligent adjusting instruction, and the average monitoring frequency of the target abnormal keyword in the target time interval;
identifying a preset alarm threshold value matched with the alarm level of the target abnormal keyword;
comparing the average monitoring frequency with the alarm threshold value;
if the average monitoring frequency is smaller than the alarm threshold value and the alarm level is larger than or equal to the first level threshold value, activating a preset intelligent adjusting instruction to adjust the alarm threshold value to the average monitoring frequency;
and if the average monitoring frequency is greater than the alarm threshold and the alarm level is less than or equal to the second level threshold, activating a preset intelligent adjusting instruction to adjust the alarm threshold to the average monitoring frequency.
8. An adding apparatus of log monitoring, comprising:
the template receiving module is used for receiving a monitoring template submitted by a target user, and the monitoring template is filled by the target user;
the template identification module is used for identifying the content of the monitoring template so as to acquire monitoring configuration information in the monitoring template;
the monitoring item generating module is used for generating a target monitoring item according to the monitoring configuration information;
the monitoring and duplicate checking module is used for inquiring a currently running initial monitoring item by the scanning server so as to compare the target monitoring item with the initial monitoring item and judge whether the target monitoring item exists in the initial monitoring item;
and the task creating module is used for establishing a log monitoring task based on the target monitoring item if the target monitoring item is determined not to exist in the initial monitoring item.
9. A computer arrangement comprising a memory and a processor, characterized in that the memory has stored therein a computer program which, when being executed by the processor, carries out the steps of the method of adding log monitoring according to any one of claims 1-7.
10. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, which computer program, when being executed by a processor, carries out the steps of the log-monitoring adding method according to any one of claims 1-7.
CN202010150182.6A 2020-03-05 2020-03-05 Log monitoring adding method and device, computer equipment and storage medium Pending CN111475369A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010150182.6A CN111475369A (en) 2020-03-05 2020-03-05 Log monitoring adding method and device, computer equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010150182.6A CN111475369A (en) 2020-03-05 2020-03-05 Log monitoring adding method and device, computer equipment and storage medium

Publications (1)

Publication Number Publication Date
CN111475369A true CN111475369A (en) 2020-07-31

Family

ID=71747337

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010150182.6A Pending CN111475369A (en) 2020-03-05 2020-03-05 Log monitoring adding method and device, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN111475369A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112417354A (en) * 2020-11-26 2021-02-26 北京金山云网络技术有限公司 Content identification monitoring method, device, equipment and storage medium
CN113434585A (en) * 2021-06-29 2021-09-24 中国联合网络通信集团有限公司 Resource saving method and equipment
CN113704058A (en) * 2021-08-05 2021-11-26 北京百度网讯科技有限公司 Business model monitoring method and device and electronic equipment
CN113836160A (en) * 2021-09-28 2021-12-24 上海市大数据股份有限公司 Data flow state monitoring and warning system based on master-slave synchronization
CN113849370A (en) * 2021-09-24 2021-12-28 武汉联影医疗科技有限公司 Monitoring parameter adjusting method and device, computer equipment and storage medium
CN115499336A (en) * 2022-08-19 2022-12-20 恒丰银行股份有限公司 Method, equipment and medium for monitoring full life cycle of application system

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112417354A (en) * 2020-11-26 2021-02-26 北京金山云网络技术有限公司 Content identification monitoring method, device, equipment and storage medium
CN113434585A (en) * 2021-06-29 2021-09-24 中国联合网络通信集团有限公司 Resource saving method and equipment
CN113434585B (en) * 2021-06-29 2024-03-26 中国联合网络通信集团有限公司 Resource preservation method and equipment
CN113704058A (en) * 2021-08-05 2021-11-26 北京百度网讯科技有限公司 Business model monitoring method and device and electronic equipment
CN113704058B (en) * 2021-08-05 2024-04-09 北京百度网讯科技有限公司 Service model monitoring method and device and electronic equipment
CN113849370A (en) * 2021-09-24 2021-12-28 武汉联影医疗科技有限公司 Monitoring parameter adjusting method and device, computer equipment and storage medium
CN113836160A (en) * 2021-09-28 2021-12-24 上海市大数据股份有限公司 Data flow state monitoring and warning system based on master-slave synchronization
CN113836160B (en) * 2021-09-28 2024-01-23 上海市大数据股份有限公司 Data stream state monitoring alarm system based on master-slave synchronization
CN115499336A (en) * 2022-08-19 2022-12-20 恒丰银行股份有限公司 Method, equipment and medium for monitoring full life cycle of application system

Similar Documents

Publication Publication Date Title
CN111475369A (en) Log monitoring adding method and device, computer equipment and storage medium
CN112052111B (en) Processing method, device and equipment for server abnormity early warning and storage medium
CN111414334A (en) File fragment uploading method, device, equipment and storage medium based on cloud technology
CN113704065A (en) Monitoring method, device, equipment and computer storage medium
CN112115026B (en) Server cluster monitoring method and device, electronic equipment and readable storage medium
CN109669835B (en) MySQL database monitoring method, device, equipment and readable storage medium
CN109298960A (en) Application crashes processing method, device, computer installation and storage medium
CN109582547A (en) Electronic device, monitoring data alarm method and storage medium
CN111585785B (en) Method and device for shielding alarm information, computer equipment and storage medium
CN115329381A (en) Sensitive data-based analysis and early warning method and device, computer equipment and medium
CN111124917A (en) Public test case management and control method, device, equipment and storage medium
CN114157679A (en) Cloud-native-based distributed application monitoring method, device, equipment and medium
CN110677271B (en) Big data alarm method, device, equipment and storage medium based on ELK
CN112130936B (en) Data calling method, device, equipment and storage medium based on polling
CN115001989B (en) Equipment early warning method, device, equipment and readable storage medium
CN111130867B (en) Intelligent household equipment alarm method and device based on Internet of things
CN110807050B (en) Performance analysis method, device, computer equipment and storage medium
CN110191097A (en) Detection method, system, equipment and the storage medium of login page safety
CN113220342A (en) Centralized configuration method and device, electronic equipment and storage medium
CN110365642B (en) Method and device for monitoring information operation, computer equipment and storage medium
CN110851346A (en) Method, device and equipment for detecting boundary problem of query statement and storage medium
CN116483663A (en) Abnormality warning method and device for platform
CN115391141A (en) Database flow analysis method, device, equipment and readable storage medium
CN114615325A (en) Message pushing method and device, computer equipment and storage medium
CN109547290B (en) Cloud platform garbage data detection processing method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination