CN111475705A - SQL query-based network service monitoring method, device, equipment and storage medium - Google Patents


Publication number
CN111475705A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010141190.4A
Other languages
Chinese (zh)
Inventor
张文军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Life Insurance Company of China Ltd
Original Assignee
Ping An Life Insurance Company of China Ltd
Application filed by Ping An Life Insurance Company of China Ltd
Priority to CN202010141190.4A
Publication of CN111475705A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/95 Retrieval from the web
    • G06F16/953 Querying, e.g. by the use of web search engines
    • G06F16/9532 Query formulation
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/95 Retrieval from the web
    • G06F16/951 Indexing; Web crawling techniques

Landscapes

  • Engineering & Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application discloses an SQL query-based network service monitoring method, device, equipment and storage medium, belonging to the technical field of computers. The monitoring method comprises: capturing network traffic on at least one service system; analyzing the network traffic to obtain an SQL statement in the network traffic; performing an SQL operation on a target database according to the SQL statement to obtain first SQL operation information; obtaining a log file of the target database and querying, in that log file, second SQL operation information corresponding to the SQL statement; comparing the first SQL operation information with the second SQL operation information and judging whether the network service is abnormal according to the comparison result; if the comparison result is not a null value and the comparison results are the same, judging the network service to be a normal service, and otherwise judging it to be an abnormal service.

Description

SQL query-based network service monitoring method, device, equipment and storage medium
Technical Field
The present application relates to the field of computer technologies, and in particular, to a method, an apparatus, a device, and a storage medium for monitoring a network service based on SQL query.
Background
At present, most enterprises develop and operate one or more service systems matched to their own service requirements. Because these requirements differ, developers adopt different structures and frameworks as needed when developing the systems, and the systems finally developed differ to some degree in how they process data.
Moreover, in the prior art, developers often build network traffic monitoring systems on architectures such as Zabbix and Prometheus. In actual use, however, monitoring with a Zabbix architecture makes it difficult for operators to find abnormal data among a large number of monitoring results. Monitoring with a Prometheus architecture achieves continuous monitoring of data services only if operators keep changing configuration files; the larger the data volume being monitored, the more configuration files need to be changed, which places a heavy workload on operators.
Therefore, existing network service monitoring methods and monitoring systems have low portability, cannot monitor network services in different service systems, are not suited to troubleshooting abnormal network services across multiple systems and big data, and cannot achieve automatic, real-time monitoring in the network traffic monitoring process.
Disclosure of Invention
An object of the embodiments of the present application is to provide a method, an apparatus, a device, and a storage medium for monitoring a network service based on SQL query, so as to solve the problems that existing network service monitoring methods and monitoring systems have low portability, cannot monitor network services in different service systems, and cannot monitor in real time or automatically.
In order to solve the above technical problem, an embodiment of the present application provides a method for monitoring a network service based on SQL query, which adopts the following technical solutions:
capturing network traffic on at least one service system;
analyzing the network traffic to obtain an SQL statement in the network traffic;
performing an SQL operation on a target database according to the SQL statement to obtain first SQL operation information, wherein the target database is a database of the at least one service system;
acquiring a log file of the target database, and querying, in the log file of the target database, second SQL operation information corresponding to the SQL statement, wherein the second SQL operation information is information generated when the service system performs the SQL statement operation;
comparing the first SQL operation information with the second SQL operation information, and judging whether the network service is abnormal according to the comparison result;
if the comparison result is not a null value and the comparison results are the same, the network service is judged to be a normal service; otherwise, the network service is judged to be an abnormal service.
Further, after analyzing the network traffic and acquiring the SQL statement in the network traffic, the method further includes:
acquiring a TCP network traffic packet in the network traffic;
analyzing the TCP network traffic packet to obtain TCP message information, wherein the TCP message information comprises an IP address of the target database, a port number of the target database, an IP address of a local port, a port number of the local port and first time information, and the first time information is the capture time of the TCP message.
Further, before the SQL operation is performed on the target database according to the SQL statement to obtain the first SQL operation information, the method further includes:
acquiring second time information, wherein the second time information is the capture time of the SQL statement;
judging whether the first time information is consistent with the second time information;
if the first time information is consistent with the second time information, combining the TCP message information with the SQL statement to form a request instruction;
requesting, according to the request instruction, the SQL operation on the target database.
Further, before requesting the SQL operation on the target database according to the request instruction, the method further includes:
receiving an authentication instruction of the target database;
performing an authentication operation on the IP address of the target database, the port number of the target database, the IP address of the local port and the port number of the local port;
and if the authentication is passed, performing the SQL operation on the target database according to the request instruction.
Further, after analyzing the network traffic and acquiring the SQL statement in the network traffic, the method further includes:
judging whether the SQL statement already exists in a cache;
if the SQL statement does not exist in the cache, saving the SQL statement in the cache, and simultaneously saving the second time information of the SQL statement;
if the cache already contains the SQL statement, updating the second time information of the SQL statement.
Further, comparing the first SQL operation information with the second SQL operation information, and determining whether the network service is abnormal according to the comparison result, specifically includes:
extracting the table names and SQL fields in the first SQL operation information and the second SQL operation information respectively, wherein the first SQL operation information comprises a first table name and a first SQL field, and the second SQL operation information comprises a second table name and a second SQL field;
comparing the first table name with the second table name, and the first SQL field with the second SQL field, to obtain a comparison result;
and judging whether the network service is abnormal according to the comparison result.
Further, after determining that the network service is an abnormal service, the method further includes:
acquiring the SQL statement of the abnormal service and the abnormal prompt generated after the SQL statement of the abnormal service is executed;
combining the SQL statement of the abnormal service with the abnormal prompt to obtain service abnormality prompt information;
and outputting the service abnormality prompt information.
In order to solve the above technical problem, an embodiment of the present application further provides a network service monitoring apparatus based on SQL query, which employs the following technical solutions:
the traffic grabbing module is used for grabbing network traffic on at least one service system;
the traffic analysis module is used for analyzing the network traffic to obtain an SQL statement in the network traffic;
the SQL operation module is used for performing an SQL operation on a target database according to the SQL statement to obtain first SQL operation information, wherein the target database is a database of the at least one service system;
the SQL query module is used for acquiring a log file of the target database, and querying, in the log file of the target database, second SQL operation information corresponding to the SQL statement, wherein the second SQL operation information is information generated when the service system performs the SQL statement operation;
the abnormality judgment module is used for comparing the first SQL operation information with the second SQL operation information and judging whether the network service is abnormal according to the comparison result;
and the judging result module is used for judging that the network service is a normal service if the comparison result is not a null value and the comparison results are the same, and otherwise judging that the network service is an abnormal service.
In order to solve the above technical problem, an embodiment of the present application further provides a computer device, which adopts the following technical solutions:
the method comprises the steps of: capturing network traffic on at least one service system; analyzing the network traffic to obtain an SQL statement in the network traffic; performing an SQL operation on a target database according to the SQL statement to obtain first SQL operation information, wherein the target database is a database of the at least one service system; obtaining a log file of the target database, and querying, in the log file of the target database, second SQL operation information corresponding to the SQL statement, wherein the second SQL operation information is information generated when the service system performs the SQL statement operation; comparing the first SQL operation information with the second SQL operation information, and judging whether the network service is abnormal according to the comparison result; if the comparison result is not a null value and the comparison results are the same, judging the network service to be a normal service, and otherwise judging it to be an abnormal service.
In order to solve the above technical problem, an embodiment of the present application further provides a computer-readable storage medium, which adopts the following technical solutions:
the method comprises the steps of: capturing network traffic on at least one service system; analyzing the network traffic to obtain an SQL statement in the network traffic; performing an SQL operation on a target database according to the SQL statement to obtain first SQL operation information, wherein the target database is a database of the at least one service system; obtaining a log file of the target database, and querying, in the log file of the target database, second SQL operation information corresponding to the SQL statement, wherein the second SQL operation information is information generated when the service system performs the SQL statement operation; comparing the first SQL operation information with the second SQL operation information, and judging whether the network service is abnormal according to the comparison result; if the comparison result is not a null value and the comparison results are the same, judging the network service to be a normal service, and otherwise judging it to be an abnormal service.
Compared with the prior art, the embodiment of the application mainly has the following beneficial effects:
the application discloses an SQL query-based network service monitoring method, device, equipment and storage medium, belonging to the technical field of computers. The monitoring method comprises: capturing network traffic on at least one service system; analyzing the network traffic to obtain an SQL statement in the network traffic; performing an SQL operation on a target database according to the SQL statement to obtain first SQL operation information, wherein the target database is a database of the at least one service system; obtaining a log file of the target database, and querying, in the log file of the target database, second SQL operation information corresponding to the SQL statement, wherein the second SQL operation information is information generated when the service system performs the SQL statement operation; comparing the first SQL operation information with the second SQL operation information, and judging whether the network service is abnormal according to the comparison result; if the comparison result is not a null value and the comparison results are the same, judging the network service to be a normal service, and otherwise judging it to be an abnormal service. Compared with the prior art, the service system does not need to perform the SQL statement operation again in order to judge whether the network service is abnormal: the abnormality can be judged simply by comparing the first SQL operation information, obtained by performing the SQL operation on the target database according to the SQL statement, with the second SQL operation information, obtained by querying the log file of the target database. Network services of different service systems are thereby monitored automatically, the portability of the network service monitoring system is improved, and abnormal network services can be found more efficiently.
Drawings
In order to more clearly illustrate the solution of the present application, the drawings needed for describing the embodiments of the present application will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present application, and that other drawings can be obtained by those skilled in the art without inventive effort.
FIG. 1 is an exemplary system architecture diagram of a bypass monitoring system in a network traffic monitoring method based on SQL query according to an embodiment of the present application;
FIG. 2 is a flowchart illustrating an implementation of a network service monitoring method based on SQL query according to an embodiment of the present application;
FIG. 3 is a flowchart of one embodiment of step S202 in FIG. 2;
FIG. 4 is a flowchart of one embodiment of step S203 in FIG. 2;
FIG. 5 is a flowchart of one embodiment of step S404 of FIG. 4;
FIG. 6 is a flow diagram of another embodiment of step S202 in FIG. 2;
FIG. 7 is a flowchart of one embodiment of step S205 of FIG. 2;
FIG. 8 is a flowchart of one embodiment of step S206 of FIG. 2;
FIG. 9 is a schematic block diagram illustrating an embodiment of an SQL query-based network traffic monitoring apparatus according to the present application;
FIG. 10 is a schematic block diagram of one embodiment of a computer device according to the present application.
Detailed Description
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs; the terminology used in the description of the application herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application; the terms "including" and "having," and any variations thereof, in the description and claims of this application and the description of the above figures are intended to cover non-exclusive inclusions. The terms "first," "second," and the like in the description and claims of this application or in the above-described drawings are used for distinguishing between different objects and not for describing a particular order.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the application. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is explicitly and implicitly understood by one skilled in the art that the embodiments described herein can be combined with other embodiments.
In order to make the technical solutions better understood by those skilled in the art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings.
Example one
In the embodiment provided by the present application, the execution subject of each step may be a bypass monitoring system. Referring to FIG. 1, FIG. 1 shows an exemplary system architecture diagram of the bypass monitoring system in the SQL query-based network service monitoring method according to the embodiment of the present application. The bypass monitoring system 102 is composed of a traffic grabbing component 121, a monitoring center 122, and a cache 123. The traffic grabbing component 121 grabs network traffic transmitted on the middleware 101, the monitoring center 122 analyzes the grabbed network traffic to obtain the SQL statement therein, and the cache 123 caches the analyzed SQL statement. Further, the monitoring center 122 performs an SQL operation on a database of the service system according to the obtained SQL statement to obtain a first SQL operation result, compares the first SQL operation result with a second SQL operation result obtained when the service system directly performs the SQL operation, and determines whether the network service is abnormal according to the comparison result, thereby implementing automatic monitoring of the network service.
It should be noted that, because the bypass monitoring system 102 is independent of the service system, it can be used to monitor the network services of different service systems, which improves the portability of the network service monitoring system. Alternatively, the execution subject of each step may be a monitoring system operating in a monitoring device, and the monitoring device may be a terminal or a server.
In the embodiment provided by the application, the middleware is used for connecting different service systems to realize data intercommunication and resource sharing among them, and to reduce the workload of maintaining, operating and managing the whole network. In a specific embodiment provided by the present application, with continued reference to FIG. 1, a middleware 101 is in communication connection with a service system 1, a service system 2, and a service system 3, and the data traffic generated during the operation of the service system 1, the service system 2, and the service system 3 is uploaded to the middleware 101 for data sharing. In other embodiments provided by the present application, the middleware 101 may also be connected to more or fewer service systems, and the present application is not limited thereto.
With continuing reference to FIG. 2, FIG. 2 is a flowchart illustrating an implementation of the SQL query-based network traffic monitoring method according to an embodiment of the present application; for convenience of illustration, only the portions relevant to the present application are shown.
S201, capturing network flow on at least one service system.
Specifically, a traffic grabbing component of the bypass monitoring system grabs network traffic on at least one service system, where the network traffic on the at least one service system is network traffic transmitted on the middleware. It should be noted that the bypass monitoring system is independent of the service systems, and the bypass monitoring system is configured to monitor the network traffic of at least one service system, thereby implementing monitoring of different service systems and improving the portability of the network service monitoring system.
In the embodiment of the present application, network traffic refers to the volume of data transmitted in a network, that is, the data stream generated when a user accesses or downloads data. Network traffic includes data traffic of message types based on a transmission protocol, such as data traffic in an HTTP message format, a TCP message format, a UDP message format, an FTP format, and an NFS format, as well as data traffic of all non-protocol types; an SQL statement is one kind of non-protocol-type data traffic.
S202, analyzing the network traffic to acquire an SQL statement in the network traffic.
Specifically, the monitoring center of the bypass monitoring system analyzes the captured network traffic to obtain an SQL statement in the network traffic.
Optionally, the traffic analysis tool in this application may be based on a Lua data analysis script: a Tshark command for analyzing the network traffic is set in the Lua data analysis script, the network traffic captured in step S101 is analyzed, and a filter is then applied to the analysis result to obtain the SQL statement therein. Optionally, the filter may be an SQL statement filter, which filters out information in other formats to obtain the SQL statement in the analysis result.
In the embodiment of the application, the filter effectively removes information other than the SQL statement, which reduces the operating pressure on the bypass monitoring system and improves the maintenance efficiency of operation and maintenance technicians.
S203, performing an SQL operation on a target database according to the SQL statement to obtain first SQL operation information, wherein the target database is a database of the at least one service system.
Specifically, the monitoring center of the bypass monitoring system performs the SQL operation on the target database according to the SQL statement acquired in step S202, to obtain the first SQL operation information.
It should be noted that, in the network service monitoring process, the monitoring center of the bypass monitoring system performs the SQL operation on the target database to obtain the first SQL operation information, so the service system does not need to perform the SQL operation again to determine whether the network service is abnormal, which saves the operating resources of the service system and reduces the pressure on it.
In addition, the bypass monitoring system is independent of the service system, so that the bypass monitoring system can be used for monitoring network services of different service systems, and the portability of the network service monitoring system is improved.
S204, acquiring a log file of the target database, and querying, in the log file of the target database, second SQL operation information corresponding to the SQL statement, wherein the second SQL operation information is information generated when the service system operates the SQL statement.
Specifically, the monitoring center of the bypass monitoring system acquires the log file of the target database through the middleware, and queries, in the log file of the target database, the second SQL operation information corresponding to the SQL statement, wherein the target database is a database of the at least one service system.
It should be noted that the second SQL operation information is information generated when the service system performs the SQL statement operation.
S205, comparing the first SQL operation information with the second SQL operation information, and judging whether the network service is abnormal according to the comparison result.
Specifically, the first SQL operation information and the second SQL operation information are compared; that is, the monitoring center performs the SQL operation on the target database according to the SQL statement to obtain the first SQL operation information, compares it with the second SQL operation information generated when the service system performs the SQL statement operation, and determines whether the network service is abnormal according to the comparison result.
In one embodiment of the present application, the matching of the first SQL operation information and the second SQL operation information is embodied by matching a first table name in the first SQL operation information with a second table name in the second SQL operation information, and matching a first SQL field in the first SQL operation information with a second SQL field in the second SQL operation information.
S206, if the comparison result is not a null value and the comparison results are the same, determining that the network service is a normal service; otherwise, determining that the network service is an abnormal service.
Specifically, if the comparison result is not a null value and the comparison results are the same, this shows that the first SQL operation information, obtained in step S203 when the monitoring center performs the SQL operation on the target database according to the SQL statement, is the same as the queried second SQL operation information corresponding to the SQL statement. This indicates that the network service was not abnormal during operation, that is, the network service is a normal service. If the comparison result is a null value, data was lost during the operation of the network service, that is, the network service is an abnormal service. If the comparison results are different, the data was abnormal during the operation of the network service, that is, the network service is likewise an abnormal service.
Compared with the prior art, the SQL query-based network service monitoring method disclosed by the application does not need the service system to perform the SQL statement operation again in order to judge whether the network service is abnormal. The abnormality can be judged simply by comparing the first SQL operation information, obtained when the bypass monitoring system performs the SQL operation on the target database according to the SQL statement, with the second SQL operation information, obtained by querying the log file of the target database. This realizes automatic monitoring of the network services of different service systems, improves the portability of the network service monitoring system, helps an enterprise's system operators quickly find abnormal network services, and greatly improves the efficiency and accuracy of finding abnormal data in network services with large data volumes.
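The comparison and verdict of steps S203 to S206, with the abnormal prompt attached to the statement, as an added example that is not code from the patent. It assumes an in-memory SQLite database standing in for the target database, a constructed log line layout, and operation information reduced to a table name plus field names; the names `OpInfo`, `replay`, `judge` and `monitor` are hypothetical.

```python
import re
import sqlite3
from typing import Dict, Iterable, List, NamedTuple, Optional, Tuple


class OpInfo(NamedTuple):
    """SQL operation information reduced to what S205 compares (assumption)."""
    table: str
    fields: Tuple[str, ...]


# Constructed log layout (an assumption, not a real DBMS log format):
#   <time> stmt="<sql>" table=<name> fields=<f1,f2,...>
LOG_RE = re.compile(
    r'stmt="(?P<stmt>[^"]+)"\s+table=(?P<table>\w+)\s+fields=(?P<fields>[\w,]+)')


def normalize(stmt: str) -> str:
    """Collapse whitespace and drop a trailing ';' so capture and log text match."""
    return " ".join(stmt.strip().rstrip(";").split())


def index_log(lines: Iterable[str]) -> Dict[str, OpInfo]:
    """S204: second SQL operation information, keyed by normalized statement."""
    index = {}
    for line in lines:
        m = LOG_RE.search(line)
        if m:
            index[normalize(m["stmt"])] = OpInfo(
                m["table"], tuple(m["fields"].split(",")))
    return index


def replay(conn: sqlite3.Connection, stmt: str) -> Tuple[Optional[OpInfo], str]:
    """S203: first SQL operation information, or (None, abnormal prompt).

    Only plain SELECT statements are replayed here, so the monitor cannot
    change the data it is checking (a choice of this sketch).
    """
    m = re.search(r"\bFROM\s+(\w+)", stmt, re.IGNORECASE)
    if not stmt.upper().startswith("SELECT ") or m is None:
        return None, "statement type not replayed by this monitor"
    try:
        cur = conn.execute(stmt)
    except sqlite3.Error as exc:  # the prompt generated by the failed statement
        return None, str(exc)
    return OpInfo(m.group(1), tuple(col[0] for col in cur.description)), ""


def judge(first: Optional[OpInfo], second: Optional[OpInfo],
          prompt: str = "") -> Tuple[str, str]:
    """S205/S206: null result or any difference means abnormal service."""
    if first is None or second is None:
        side = "replay" if first is None else "database log"
        detail = f"null comparison result, {side} returned nothing"
        return "abnormal", f"{detail}: {prompt}" if prompt else detail
    if first.table != second.table:
        return "abnormal", f"table mismatch: {first.table} != {second.table}"
    if first.fields != second.fields:
        return "abnormal", f"field mismatch: {first.fields} != {second.fields}"
    return "normal", ""


def monitor(conn: sqlite3.Connection, captured: Iterable[str],
            log_lines: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Return (statement, verdict, prompt information) for each captured statement."""
    log_index = index_log(log_lines)
    report = []
    for raw in captured:
        stmt = normalize(raw)
        first, prompt = replay(conn, stmt)
        verdict, detail = judge(first, log_index.get(stmt), prompt)
        report.append((stmt, verdict, detail))
    return report


def demo() -> List[Tuple[str, str, str]]:
    conn = sqlite3.connect(":memory:")  # stand-in for the target database
    conn.executescript(
        "CREATE TABLE policy (id INTEGER, holder TEXT, premium REAL);"
        "CREATE TABLE claims (id INTEGER, policy_id INTEGER, amount REAL);")
    captured = [  # constructed statements, as parsed from captured traffic
        "SELECT id, holder FROM policy",
        "SELECT id,  amount FROM claims;",
        "SELECT id FROM policy WHERE premium > 100",
        "SELECT id FROM refunds",
    ]
    log_lines = [  # constructed log of what the service system did
        '2020-03-03T10:00:01Z stmt="SELECT id, holder FROM policy" table=policy fields=id,holder',
        '2020-03-03T10:00:02Z stmt="SELECT id, amount FROM claims" table=claims fields=id,policy_id',
        '2020-03-03T10:00:04Z stmt="SELECT id FROM refunds" table=refunds fields=id',
    ]
    return monitor(conn, captured, log_lines)


if __name__ == "__main__":
    for stmt, verdict, detail in demo():
        print(f"{verdict:8} {stmt} {detail}")
```
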
Referring to FIG. 3, FIG. 3 is a flowchart of an embodiment of step S202 in FIG. 2; only the relevant portions are shown for convenience of description.
As some optional implementations of this embodiment, after parsing the network traffic in step S202 and acquiring the SQL statement in the network traffic, step S301 and step S302 are further included.
S301, acquiring a TCP network traffic packet in the network traffic;
S302, analyzing the TCP network traffic packet to obtain TCP message information, wherein the TCP message information comprises an IP address of the target database, a port number of the target database, an IP address of a local port, a port number of the local port and first time information, and the first time information is the capture time of the TCP message.
In a specific embodiment provided by the present application, after the network traffic is analyzed in step S202 and an analysis result is obtained, the method further includes: using a TCPDump component to capture the data whose protocol format is TCP in the analysis result, filtering out data in other formats, and aggregating the TCP-format data to obtain a TCP network traffic packet. A Dump component, such as the TCPDump component, can grab network traffic in real time according to the protocol type of the network traffic. It should be additionally noted that, while the TCPDump component captures the TCP-format data, the monitoring center records the time at which that data is captured; that is, each TCP message has a corresponding capture time, which is the first time information.
In a specific embodiment provided by the present application, analyzing the TCP network traffic packet to obtain the TCP message information is specifically done by setting, in the Lua data analysis script, a Tshark command for analyzing the TCP network traffic packet.
Referring to fig. 4, fig. 4 is a flowchart of an embodiment of step S203 in fig. 2, and only the relevant portions are shown for convenience of description.
As some optional implementations of this embodiment, before step S203 performs the SQL operation on the target database according to the SQL statement to obtain the first SQL operation information, the method further comprises steps S401, S402, S403 and S404.
S401, acquiring second time information, wherein the second time information is the capture time of the SQL statement;
S402, judging whether the first time information is consistent with the second time information;
S403, if the first time information is consistent with the second time information, combining the TCP message information with the SQL statement to form a request instruction;
S404, according to the request instruction, requesting to perform the SQL operation on the target database.
In the embodiment provided by the application, before the monitoring center performs the SQL operation on the target database according to the SQL statement, the method further includes acquiring the capture time of the SQL statement, namely the second time information, and judging whether the first time information and the second time information are consistent, that is, whether the capture time of the TCP message is consistent with the capture time of the SQL statement. If the first time information and the second time information are consistent, the TCP message information corresponds to the SQL statement; the monitoring center then combines the TCP message information and the SQL statement to form a complete request instruction and requests to perform the SQL operation on the target database according to the request instruction. If the first time information and the second time information are inconsistent, the monitoring center is not allowed to combine the TCP message information and the SQL statement.
Referring to fig. 5, fig. 5 is a flowchart of an embodiment of step S404 in fig. 4, and only the relevant portions are shown for the convenience of description.
As some optional implementations of this embodiment, before step S404 requests the SQL operation on the target database according to the request instruction, the method further comprises steps S501, S502 and S503.
S501, receiving an authentication instruction of the target database;
S502, authenticating the IP address of the target database, the port number of the target database, the IP address of the local port and the port number of the local port;
S503, if the authentication is passed, performing the SQL operation on the target database according to the request instruction.
In the embodiment of the application, after the monitoring center combines the TCP message information and the SQL statement to form a request instruction, the monitoring center sends the request instruction to the target database to request the SQL operation on the target database. After receiving the request instruction, the target database sends an authentication instruction to the monitoring center, which requires the monitoring center to authenticate the IP address of the target database, the port number of the target database, the IP address of the local port and the port number of the local port. The SQL operation can be carried out on the target database only if the authentication is passed. If the authentication is not passed, that is, the information of the target database does not match the TCP message information, the monitoring center cannot perform the SQL operation on the target database. The authentication operation further improves the accuracy and security of the information.
In a specific embodiment provided by the present application, step S202 parses the network traffic and obtains the SQL statement select goods_name from goods_tb where goods_status = 1 from the network traffic. The capture time of the SQL statement is 15:27:30 on December 12, 2019, that is, the second time information is 15:27:30 on December 12, 2019. In step S302 the TCP network traffic packet is parsed to obtain the TCP message information: the IP address of the target database is 192.168.1.225, the port number of the target database is 8080, the IP address of the local port is 192.168.1.155, the port number of the local port is 1069, and the capture time of the TCP message is 15:27:30 on December 12, 2019, that is, the first time information is 15:27:30 on December 12, 2019.
When the first time information is consistent with the second time information, the monitoring center combines the TCP message information and the SQL statement to form a request instruction and requests to perform the SQL operation on the target database. In a specific embodiment provided by the application, the connection information of the target database is http://192.168.1.225:8080/. After the target database receives the request instruction, it requires the monitoring center to carry out authentication, and the monitoring center authenticates, respectively, the IP address 192.168.1.225 of the target database, the port number 8080 of the target database, the IP address 192.168.1.155 of the local port and the port number 1069 of the local port. After the authentication is passed, the monitoring center performs the SQL operation select goods_name from goods_tb where goods_status = 1 on the target database; that is, for the capture time of 15:27:30 on December 12, 2019, the SQL operation is performed on the target database with IP address 192.168.1.225 and port number 8080 to query the commodity name.
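Steps S401 to S404 and S501 to S503, worked through with the values of this embodiment, as an added Python example that is not code from the patent. The class and function names, the one-second granularity used to decide that two capture times are "consistent", and the extra TCP message with a different time and port are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Callable, Iterable, Optional, Tuple

Endpoint = Tuple[str, int]  # (IP address, port number)


@dataclass(frozen=True)
class TcpMessageInfo:
    """TCP message information from step S302."""
    db: Endpoint            # IP address and port number of the target database
    local: Endpoint         # IP address and port number of the local port
    captured_at: datetime   # first time information


@dataclass(frozen=True)
class CapturedStatement:
    sql: str
    captured_at: datetime   # second time information (S401)


@dataclass(frozen=True)
class RequestInstruction:
    """TCP message information combined with the SQL statement (S403)."""
    tcp: TcpMessageInfo
    sql: str


def times_consistent(first: datetime, second: datetime) -> bool:
    # S402. Assumption: "consistent" means equal at one-second resolution,
    # the precision the embodiment quotes its capture times in.
    return first.replace(microsecond=0) == second.replace(microsecond=0)


def build_request(messages: Iterable[TcpMessageInfo],
                  stmt: CapturedStatement) -> Optional[RequestInstruction]:
    """S402/S403: combine the statement with the TCP message captured at the
    same time; return None (no combination allowed) if there is none."""
    for msg in messages:
        if times_consistent(msg.captured_at, stmt.captured_at):
            return RequestInstruction(msg, stmt.sql)
    return None


def authenticate(req: RequestInstruction, db: Endpoint, local: Endpoint) -> bool:
    """S502: all four values (database IP/port, local IP/port) must match the
    TCP message information carried in the request instruction."""
    return req.tcp.db == db and req.tcp.local == local


def run_on_target(req: RequestInstruction, db: Endpoint, local: Endpoint,
                  execute: Callable[[str], object]) -> object:
    """S503: perform the SQL operation only if the authentication passes."""
    if not authenticate(req, db, local):
        raise PermissionError(
            "target database information does not match the TCP message information")
    return execute(req.sql)


# Values from the embodiment, plus one constructed TCP message that was
# captured one second earlier from a different local port.
CAPTURED = datetime(2019, 12, 12, 15, 27, 30)
TCP_MESSAGES = [
    TcpMessageInfo(("192.168.1.225", 8080), ("192.168.1.155", 1070),
                   datetime(2019, 12, 12, 15, 27, 29)),          # constructed
    TcpMessageInfo(("192.168.1.225", 8080), ("192.168.1.155", 1069), CAPTURED),
]
STATEMENT = CapturedStatement(
    "select goods_name from goods_tb where goods_status = 1", CAPTURED)

if __name__ == "__main__":
    request = build_request(TCP_MESSAGES, STATEMENT)
    # `print` stands in for the real database call in this demonstration.
    run_on_target(request, ("192.168.1.225", 8080), ("192.168.1.155", 1069), print)
```

A request whose endpoint tuple differs in any one of the four values is rejected before the statement reaches the database, which is the property the authentication step is meant to provide.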
Referring to fig. 6, fig. 6 is a flowchart of another specific implementation of step S202 in fig. 2, and only the relevant portions of the present application are shown for convenience of description.
As some optional implementations of this embodiment, after the network traffic is parsed in step S202 and the SQL statement in the network traffic is acquired, the method further includes step S601, step S602, and step S603.
S601, judging whether the SQL statement already exists in the cache;
S602, if the SQL statement does not exist in the cache, storing the SQL statement in the cache, and simultaneously storing the second time information of the SQL statement;
S603, if the cache already contains the SQL statement, updating the second time information of the SQL statement.
Specifically, after the network traffic is parsed in step S202 and the SQL statement in the network traffic is acquired, the method further includes judging whether the SQL statement already exists in the cache. If the SQL statement does not exist in the cache, the SQL statement is saved in the cache together with its second time information, that is, the capture time of the SQL statement. If the SQL statement already exists in the cache, it does not need to be saved again; only its second time information, that is, its capture time, is updated. By judging whether the SQL statement already exists in the cache, the method saves only new SQL statements and, when an already-saved SQL statement is received, only updates the time information of the cached SQL statement, which effectively reduces the pressure on the cache.
It should be noted that the cache is used for storing information generated when the monitoring center parses the network traffic, for example, the SQL statement, the capture time of the SQL statement, the TCP message information, and the like, for the monitoring center to call.
Referring to fig. 7, fig. 7 is a flowchart of an embodiment of step S205 in fig. 2, and only the relevant portions are shown for convenience of description.
As some optional implementations of this embodiment, step S205 of comparing the first SQL operation information with the second SQL operation information and judging whether the network service is abnormal according to the comparison result specifically includes steps S701, S702, and S703.
S701, extracting the table names and SQL fields in the first SQL operation information and the second SQL operation information respectively, wherein the first SQL operation information comprises the first table name and the first SQL field, and the second SQL operation information comprises the second table name and the second SQL field;
S702, comparing the first table name with the second table name, and comparing the first SQL field with the second SQL field, to obtain comparison results;
S703, judging whether the network service is abnormal or not according to the comparison result.
Specifically, a first table name and a first SQL field are extracted from the first SQL operation information, and a second table name and a second SQL field are extracted from the second SQL operation information.
In one embodiment provided herein, the first table name and the second table name, and the first SQL field and the second SQL field, may be compared by a null-value algorithm. The specific comparison process is as follows:
if (null == a && null == b) { System.out.println("the comparison is a null value"); }
wherein a represents the first table name or the first SQL field in the first SQL operation information, and b represents the second table name or the second SQL field in the second SQL operation information.
if (null != a && null != b && a.equals(b)) { System.out.println("the comparison is not a null value, and is the same"); }
In the comparison process, if a and b are not null values and the values of a and b are the same, the output comparison result is "not a null value, and the same"; that is, the comparison result is not a null value and the comparison results are the same.
In other embodiments provided herein, the first table name and the second table name, and the first SQL field and the second SQL field, may be compared by using a ternary algorithm or other algorithms, which is not limited in this application.
In the embodiment provided by the present application, the determining, according to the comparison result, the abnormal condition of the network service specifically includes: if the comparison result is not a null value and the comparison results are the same, the network service is judged to be a normal service, if the comparison results are null values or the comparison results are different, the network service is judged to be an abnormal service, and the automatic monitoring of the network service is realized through the judgment.
Referring to fig. 8, fig. 8 is a flowchart of an embodiment of step S206 in fig. 2, and only the relevant portions are shown for the convenience of description.
As some optional implementation manners of this embodiment, after determining that the network traffic is abnormal traffic in step S206, the method further includes:
S801, acquiring the SQL statement of the abnormal service and the abnormal prompt generated after the SQL statement of the abnormal service is executed;
S802, combining the SQL statement of the abnormal service with the abnormal prompt to obtain service abnormality prompt information;
S803, outputting the service abnormality prompt information.
Specifically, after the network service is determined to be an abnormal service in step S206, the SQL statement of the abnormal service and the abnormal prompt generated after that SQL statement is executed are acquired, the SQL statement of the abnormal service and the abnormal prompt are combined to obtain the service abnormality prompt information, and the service abnormality prompt information is output.
In a specific embodiment provided by the application, the SQL statement of the abnormal network service is "select * from tb_user where username = {username} and password = {pwd}", and the abnormal prompt "service function call failure" is obtained after the SQL statement of the abnormal network service is executed. The monitoring center combines the SQL statement of the abnormal service and the abnormal prompt to obtain the service abnormality prompt information "service function call failure select * from tb_user where username = {username} and password = {pwd}", and finally outputs the service abnormality prompt information to a user interface, so that the user can conveniently check it.
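Steps S701 to S703 and S801 to S803 as an added Python example, not code from the patent (whose own fragments are Java). It assumes that each piece of SQL operation information is available as the text of a SELECT statement; the regular expression, the function names and the second-operation sample statements are constructed for illustration.

```python
import re
from typing import NamedTuple, Optional, Tuple


class SqlOperationInfo(NamedTuple):
    table: Optional[str]                 # table name, None if not extractable
    fields: Optional[Tuple[str, ...]]    # SQL fields, None if not extractable


# Assumption: operation information is a single-table SELECT statement.
_SELECT = re.compile(
    r"^\s*select\s+(?P<fields>.+?)\s+from\s+(?P<table>[A-Za-z_][\w.]*)",
    re.IGNORECASE | re.DOTALL,
)


def extract(sql: Optional[str]) -> SqlOperationInfo:
    """S701: pull the table name and the SQL fields out of one piece of
    operation information. Missing or unparseable input yields null values."""
    match = _SELECT.match(sql) if sql else None
    if match is None:
        return SqlOperationInfo(None, None)
    fields = tuple(f.strip().lower() for f in match.group("fields").split(","))
    return SqlOperationInfo(match.group("table").lower(), fields)


def compare(a, b) -> str:
    """S702: null-aware comparison of one pair (table names or field lists).
    A null on either side is reported as 'null', so that a missing log entry
    can never be mistaken for a match."""
    if a is None or b is None:
        return "null"
    return "same" if a == b else "different"


def judge(first_sql: Optional[str], second_sql: Optional[str]):
    """S703: normal only if both comparisons are non-null and the same."""
    first, second = extract(first_sql), extract(second_sql)
    results = (compare(first.table, second.table),
               compare(first.fields, second.fields))
    verdict = "normal" if results == ("same", "same") else "abnormal"
    return verdict, results


def abnormal_prompt_info(sql: str, prompt: str) -> str:
    """S802: combine the abnormal prompt with the SQL statement, in the
    order the embodiment shows (prompt first, then the statement)."""
    return f"{prompt} {sql}"


def monitor(first_sql: str, second_sql: Optional[str], prompt: str) -> Optional[str]:
    """S701-S803 end to end: return the service abnormality prompt
    information for an abnormal service, or None for a normal one."""
    verdict, _ = judge(first_sql, second_sql)
    return abnormal_prompt_info(first_sql, prompt) if verdict == "abnormal" else None


# First operation information: the statement from the embodiment.
FIRST = "select goods_name from goods_tb where goods_status = 1"
# Second operation information as found in the database log (constructed).
LOG_SAME = "SELECT goods_name FROM goods_tb WHERE goods_status = 1"
LOG_OTHER_FIELDS = "select goods_name, goods_price from goods_tb"
LOG_MISSING = None   # the log holds no entry for the statement

if __name__ == "__main__":
    for second in (LOG_SAME, LOG_OTHER_FIELDS, LOG_MISSING):
        print(judge(FIRST, second), monitor(FIRST, second, "service function call failure"))
```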
The application discloses an SQL query-based network service monitoring method, device, equipment and storage medium, which belong to the technical field of computers. The monitoring method comprises the steps of: capturing network traffic on at least one service system; parsing the network traffic to obtain the SQL statement in the network traffic; performing the SQL operation on a target database according to the SQL statement to obtain first SQL operation information, wherein the target database is a database of the at least one service system; obtaining a log file of the target database and querying, in the log file of the target database, second SQL operation information corresponding to the SQL statement, wherein the second SQL operation information is information generated when the service system performs the SQL statement operation; comparing the first SQL operation information with the second SQL operation information and judging whether the network service is abnormal according to the comparison result; and, if the comparison result is not a null value and the comparison results are the same, judging that the network service is a normal service, and otherwise judging that the network service is an abnormal service. Compared with the prior art, the method does not need the service system to perform the SQL statement operation again: the abnormal condition of the network service is judged by comparing the first SQL operation information with the second SQL operation information obtained from the log file of the target database, which is beneficial to quickly finding abnormal network services and greatly improves the efficiency of searching for abnormal data of network services.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware associated with computer readable instructions, which can be stored in a computer readable storage medium, and when executed, the processes of the embodiments of the methods described above can be included. The storage medium may be a non-volatile storage medium such as a magnetic disk, an optical disk, a Read-Only Memory (ROM), or a Random Access Memory (RAM).
It should be understood that, although the steps in the flowcharts of the figures are shown in the order indicated by the arrows, the steps are not necessarily performed in that order. Unless explicitly stated herein, the steps are not strictly limited to the order shown and may be performed in other orders. Moreover, at least a portion of the steps in the flowcharts may include multiple sub-steps or multiple stages, which are not necessarily performed at the same time but may be performed at different times, and which are not necessarily performed in sequence but may be performed in turn or alternately with other steps or with at least a portion of the sub-steps or stages of other steps.
Example two
With further reference to fig. 9, as an implementation of the method shown in fig. 2, the present application provides an embodiment of a network service monitoring apparatus based on SQL query. The embodiment of the apparatus corresponds to the embodiment of the method shown in fig. 2, and the apparatus may be specifically applied to various electronic devices. The network service monitoring apparatus based on SQL query includes:
a traffic grabbing module 901, configured to grab network traffic on at least one service system;
a traffic analysis module 902, configured to analyze the network traffic to obtain an SQL statement in the network traffic;
an SQL operation module 903, configured to perform an SQL operation on a target database according to the SQL statement to obtain first SQL operation information, where the target database is a database of the at least one service system;
an SQL query module 904, configured to obtain a log file of the target database, and query, in the log file of the target database, second SQL operation information corresponding to the SQL statement, where the second SQL operation information is information generated when the service system performs the SQL statement operation;
an abnormality judgment module 905, configured to compare the first SQL operation information with the second SQL operation information and judge whether the network service is abnormal or not according to the comparison result;
a result determining module 906, configured to determine that the network service is a normal service if the comparison result is not a null value and the comparison results are the same, and otherwise determine that the network service is an abnormal service.
Further, the network service monitoring apparatus based on SQL query further includes:
a TCP information obtaining module 907, configured to obtain a TCP network traffic packet in the network traffic;
a TCP information parsing module 908, configured to parse the TCP network traffic packet to obtain TCP message information, where the TCP message information includes an IP address of the target database, a port number of the target database, an IP address of the local port, a port number of the local port, and first time information, and the first time information is the capture time of the TCP message.
Further, the network service monitoring apparatus based on SQL query further includes:
an SQL information obtaining module 909, configured to obtain second time information, where the second time information is the capture time of the SQL statement;
a time information determining module 910, configured to determine whether the first time information and the second time information are consistent;
a time information judgment result module 911, configured to combine the TCP message information and the SQL statement to form a request instruction if the first time information is consistent with the second time information;
a request operation module 912, configured to request, according to the request instruction, an SQL operation on the target database.
Further, the network service monitoring apparatus based on SQL query further includes:
an instruction authentication module 913, configured to receive an authentication instruction of the target database;
an authentication operation module 914, configured to perform an authentication operation on the IP address of the target database, the port number of the target database, the IP address of the local port and the port number of the local port;
an authentication result module 915, configured to perform the SQL operation on the target database according to the request instruction if the authentication is passed.
Further, the network service monitoring apparatus based on SQL query further includes:
a cache determination module 916, configured to determine whether the SQL statement already exists in the cache;
a cache judgment result module 917, configured to, if the SQL statement does not exist in the cache, store the SQL statement in the cache, and simultaneously store the second time information of the SQL statement;
an update module 918, configured to update the second time information of the SQL statement if the cache already contains the SQL statement.
Further, the abnormality judgment module 905 specifically includes:
an operation information extraction unit 951, configured to extract the table name and the SQL field in the first SQL operation information and the second SQL operation information, respectively, where the first SQL operation information includes a first table name and a first SQL field, and the second SQL operation information includes a second table name and a second SQL field;
a comparing unit 952, configured to compare the first table name with the second table name, and the first SQL field with the second SQL field, respectively, to obtain a comparison result;
a judging unit 953, configured to judge the abnormal situation of the network service according to the comparison result.
Further, the network service monitoring apparatus based on SQL query further includes:
an abnormal information obtaining module 919, configured to obtain the SQL statement of the abnormal service and the abnormal prompt generated after the SQL statement of the abnormal service is executed;
an abnormal information combination module 920, configured to combine the SQL statement of the abnormal service with the abnormal prompt to obtain service abnormality prompt information;
an abnormal information output module 921, configured to output the service abnormality prompt information.
The application discloses an SQL query-based network service monitoring device, which comprises: a traffic grabbing module 901 for grabbing network traffic on at least one service system; a traffic analysis module 902 for analyzing the network traffic to obtain the SQL statement in the network traffic; an SQL operation module 903 for performing the SQL operation on a target database according to the SQL statement to obtain first SQL operation information, wherein the target database is a database of the at least one service system; an SQL query module 904 for obtaining the log file of the target database and querying, in the log file of the target database, second SQL operation information corresponding to the SQL statement, wherein the second SQL operation information is information generated when the service system performs the SQL statement operation; an abnormality judgment module 905 for comparing the first SQL operation information with the second SQL operation information and judging whether the network service is abnormal according to the comparison result; and a result module 906 for judging that the network service is a normal service if the comparison result is not a null value and the comparison results are the same, and otherwise judging that the network service is an abnormal service. The device does not need the service system to perform the SQL statement operation again; by comparing the first SQL operation information with the second SQL operation information it judges the abnormal condition of the network service automatically, which helps the enterprise quickly find abnormal network services.
Example three
In order to solve the technical problem, an embodiment of the present application further provides a computer device. Referring to fig. 10, fig. 10 is a block diagram of a basic structure of a computer device according to the present embodiment.
The computer device 6 comprises a memory 61, a processor 62 and a network interface 63, communicatively connected to each other via a system bus. It is noted that only a computer device 6 having components 61-63 is shown, but it is understood that not all of the shown components are required to be implemented, and that more or fewer components may be implemented instead. As will be understood by those skilled in the art, the computer device is a device capable of automatically performing numerical calculation and/or information processing according to preset or stored instructions, and its hardware includes, but is not limited to, a microprocessor, an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA), a Digital Signal Processor (DSP), an embedded device, and the like.
The computer device can be a desktop computer, a notebook, a palm computer, a cloud server and other computing devices. The computer equipment can carry out man-machine interaction with a user through a keyboard, a mouse, a remote controller, a touch panel or voice control equipment and the like.
The memory 61 includes at least one type of readable storage medium, including flash memory, a hard disk, a multimedia card, a card-type memory (e.g., SD or DX memory, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a Read Only Memory (ROM), an Electrically Erasable Programmable Read Only Memory (EEPROM), a Programmable Read Only Memory (PROM), a magnetic memory, a magnetic disk, an optical disk, etc. In some embodiments, the memory 61 may be an internal storage unit of the computer device 6, such as a hard disk or memory of the computer device 6. In other embodiments, the memory 61 may also be an external storage device of the computer device 6, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card, a flash card (Flash Card), etc. provided on the computer device 6. Of course, the memory 61 may include both an internal storage unit of the computer device 6 and an external storage device thereof. In this embodiment, the memory 61 is generally used to store the operating system and software installed in the computer device 6, such as the program code of the SQL query-based network service monitoring method, and to temporarily store various types of data to be output.
The processor 62 may in some embodiments be a Central Processing Unit (CPU), a controller, a microcontroller, a microprocessor, or another data processing chip. The processor 62 is generally used to control the overall operation of the computer device 6. In this embodiment, the processor 62 is used to run the program code stored in the memory 61 or to process data, for example to run the program code of the SQL query-based network service monitoring method.
The network interface 63 may comprise a wireless network interface or a wired network interface, and the network interface 63 is typically used for establishing a communication connection between the computer device 6 and other electronic devices.
The present application further provides another embodiment, namely a computer readable storage medium storing a program of the SQL query-based network service monitoring method, where the program is executable by at least one processor to cause the at least one processor to perform the steps of the SQL query-based network service monitoring method as described above.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present application may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (such as a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present application.
It is to be understood that the above-described embodiments are merely illustrative of some, but not restrictive, of the broad invention, and that the appended drawings illustrate preferred embodiments of the invention and do not limit the scope of the invention. This application is capable of embodiments in many different forms and is provided for the purpose of enabling a thorough understanding of the disclosure of the application. Although the present application has been described in detail with reference to the foregoing embodiments, it will be apparent to one skilled in the art that the present application may be practiced without modification or with equivalents of some of the features described in the foregoing embodiments. All equivalent structures made by using the contents of the specification and the drawings of the present application are directly or indirectly applied to other related technical fields and are within the protection scope of the present application.

Claims (10)

1. An SQL query-based network service monitoring method, characterized by comprising the following steps:
capturing network traffic on at least one service system;
parsing the network traffic to acquire an SQL statement in the network traffic;
performing an SQL operation on a target database according to the SQL statement to obtain first SQL operation information, wherein the target database is a database of the at least one service system;
acquiring a log file of the target database, and querying second SQL operation information corresponding to the SQL statement in the log file of the target database, wherein the second SQL operation information is information generated when a service system performs the SQL statement operation;
comparing the first SQL operation information with the second SQL operation information, and judging whether the network service is abnormal or not according to a comparison result;
if the comparison result is not a null value and the comparison results are the same, determining that the network service is a normal service, otherwise determining that the network service is an abnormal service.
2. The SQL query-based network service monitoring method as claimed in claim 1, wherein after the parsing the network traffic and acquiring the SQL statement in the network traffic, the method further comprises:
acquiring a TCP network traffic packet in the network traffic;
parsing the TCP network traffic packet to obtain TCP message information, wherein the TCP message information comprises an IP address of the target database, a port number of the target database, an IP address of a local port, a port number of the local port and first time information, and the first time information is the capture time of the TCP message.
3. The SQL query-based network service monitoring method as claimed in claim 2, wherein before the performing the SQL operation on the target database according to the SQL statement to obtain the first SQL operation information, the method further comprises:
acquiring second time information, wherein the second time information is the capture time of the SQL statement;
judging whether the first time information and the second time information are consistent;
if the first time information is consistent with the second time information, combining the TCP message information with the SQL statement to form a request instruction;
according to the request instruction, requesting to perform the SQL operation on the target database.
4. The SQ L query-based network traffic monitoring method of claim 3, wherein prior to the requesting SQ L operation on the target database in accordance with the request directive, further comprising:
receiving an authentication instruction of the target database;
performing authentication operation on the IP address of the target database, the port number of the target database, the IP address of a local port and the port number of the local port;
and if the authentication is passed, carrying out SQL operation on the target database according to the request instruction.
5. The SQL query-based network traffic monitoring method as claimed in any one of claims 1-4, wherein after parsing the network traffic and obtaining SQL statements in the network traffic, further comprising:
determining whether the SQL statement already exists in a cache;
if the SQL statement does not exist in a cache, saving the SQL statement in the cache, and simultaneously saving second time information of the SQL statement;
and if the cache already contains the SQL statement, updating second time information of the SQL statement.
6. The method for monitoring network traffic based on SQL query as claimed in claim 1, wherein the comparing the first SQL operation information with the second SQL operation information, and determining whether the network traffic is abnormal according to the comparison result specifically comprises:
extracting table names and SQL fields in the first SQL operation information and the second SQL operation information respectively, wherein the first SQL operation information comprises a first table name and a first SQL field, and the second SQL operation information comprises a second table name and a second SQL field;
respectively comparing the first table name with the second table name, and the first SQL field with the second SQL field to obtain comparison results;
and judging whether the network service is abnormal or not according to the comparison result.
7. The SQL query-based network traffic monitoring method of claim 1, wherein after the determining that the network traffic is abnormal traffic, further comprising:
acquiring an SQL statement of the abnormal service and an abnormal prompt generated after the SQL statement of the abnormal service is executed;
combining the SQL statement of the abnormal service with the abnormal prompt words to obtain service abnormal prompt information;
and outputting the service abnormal prompt information.
8. A SQL query-based network traffic monitoring apparatus, comprising:
the traffic grabbing module is used for grabbing network traffic on at least one service system;
the flow analysis module is used for analyzing the network flow to acquire an SQL statement in the network flow;
the SQL operation module is used for carrying out SQL operation on a target database according to the SQL statement to obtain first SQL operation information, wherein the target database is a database of the at least one business system;
the SQL query module is configured to acquire a log file of the target database, and query, in the log file of the target database, second SQL operation information corresponding to the SQL statement, where the second SQL operation information is information generated when a business system performs an SQL statement operation;
the abnormity judgment module is used for comparing the first SQL operation information with the second SQL operation information and judging whether the network service is abnormal or not according to a comparison result;
and the judging result module is used for judging that the network service is a normal service if the comparison result is not a null value and the comparison results are the same, and otherwise, judging that the network service is an abnormal service.
9. A computer apparatus comprising a memory having computer readable instructions stored therein and a processor which, when executing the computer readable instructions, implements the steps of the SQL query-based network traffic monitoring method as claimed in any one of claims 1 to 7.
10. A computer readable storage medium having stored thereon computer readable instructions which, when executed by a processor, carry out the steps of the SQL query-based network traffic monitoring method according to any one of claims 1 to 7.
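The decision rule of claim 1, the statement cache of claim 5 and the table-name and field comparison of claim 6 can be sketched as follows. This is an added illustration, not code from the patent: it assumes the operation information is the statement text itself, that database log entries can be looked up by client connection, and that statements are simple single-table ones; all names and sample values are constructed.

```python
import re

# Simple single-table statements only; a production monitor would use a real SQL parser.
_PATTERNS = [
    re.compile(r"^\s*select\s+(?P<cols>.+?)\s+from\s+(?P<table>[\w.]+)", re.I | re.S),
    re.compile(r"^\s*insert\s+into\s+(?P<table>[\w.]+)\s*\((?P<cols>[^)]*)\)", re.I | re.S),
    re.compile(r"^\s*update\s+(?P<table>[\w.]+)\s+set\s+(?P<cols>.+?)(?:\s+where\s|$)", re.I | re.S),
]

def table_and_fields(sql):
    """Claim 6: extract (table name, field set) from operation info, or None."""
    for pat in _PATTERNS:
        m = pat.match(sql or "")
        if m:
            cols = frozenset(c.split("=")[0].strip().lower() for c in m.group("cols").split(","))
            return m.group("table").lower(), cols
    return None

def judge(first_info, second_info):
    """Claim 1: normal only if the comparison is non-null and both sides are the same."""
    first, second = table_and_fields(first_info), table_and_fields(second_info)
    return "normal" if first is not None and first == second else "abnormal"

def observe(cache, sql, captured_at):
    """Claim 5: store a new statement; for a repeat, only refresh its capture time."""
    key = " ".join(sql.lower().split())  # assumption: match ignoring case and whitespace
    is_new = key not in cache
    cache[key] = captured_at
    return is_new

# Constructed sample input: (capture time, client connection, statement) from traffic,
# and database log statements keyed by client connection (hypothetical log layout).
CAPTURED = [
    (100.0, "10.0.0.5:50122", "SELECT name, premium FROM policy WHERE id = 7"),
    (101.5, "10.0.0.5:50122", "select name, premium  from policy where id = 7"),
    (102.0, "10.0.0.9:50400", "UPDATE policy SET status = 'paid' WHERE id = 7"),
    (103.0, "10.0.0.7:50311", "SELECT card_no FROM customer"),
]
DB_LOG = {
    "10.0.0.5:50122": "SELECT premium, name FROM policy WHERE id = 7",
    "10.0.0.9:50400": "UPDATE policy SET status = 'paid', owner = 'x' WHERE id = 7",
}

def monitor(captured, db_log):
    cache, verdicts = {}, []
    for ts, conn, sql in captured:
        observe(cache, sql, ts)
        verdicts.append((conn, judge(sql, db_log.get(conn))))
    return verdicts, cache
```

The third statement is flagged because the logged field set differs from the captured one, and the fourth because the log holds no corresponding entry, which is the null case of claim 1.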
CN202010141190.4A 2020-03-05 2020-03-05 SQL query-based network service monitoring method, device, equipment and storage medium Pending CN111475705A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010141190.4A CN111475705A (en) 2020-03-05 2020-03-05 SQL query-based network service monitoring method, device, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010141190.4A CN111475705A (en) 2020-03-05 2020-03-05 SQL query-based network service monitoring method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN111475705A true CN111475705A (en) 2020-07-31

Family

ID=71747093

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010141190.4A Pending CN111475705A (en) 2020-03-05 2020-03-05 SQL query-based network service monitoring method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN111475705A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112416701A (en) * 2020-09-07 2021-02-26 上海哔哩哔哩科技有限公司 Service data monitoring method and device, computer equipment and readable storage medium
CN113590487A (en) * 2021-08-03 2021-11-02 北京安天网络安全技术有限公司 Verification method and device of flow analysis program, computing equipment and storage medium
CN113660248A (en) * 2021-08-11 2021-11-16 杭州安恒信息技术股份有限公司 Service flow isolation method, system, readable storage medium and device
CN115086961A (en) * 2022-05-16 2022-09-20 芯原微电子(上海)股份有限公司 Wireless packet capturing method, system, device and medium based on user-defined filtering

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112416701A (en) * 2020-09-07 2021-02-26 上海哔哩哔哩科技有限公司 Service data monitoring method and device, computer equipment and readable storage medium
CN112416701B (en) * 2020-09-07 2023-02-17 上海哔哩哔哩科技有限公司 Service data monitoring method and device, computer equipment and readable storage medium
CN113590487A (en) * 2021-08-03 2021-11-02 北京安天网络安全技术有限公司 Verification method and device of flow analysis program, computing equipment and storage medium
CN113590487B (en) * 2021-08-03 2024-04-09 北京安天网络安全技术有限公司 Verification method and device for flow analysis program, computing device and storage medium
CN113660248A (en) * 2021-08-11 2021-11-16 杭州安恒信息技术股份有限公司 Service flow isolation method, system, readable storage medium and device
CN113660248B (en) * 2021-08-11 2023-05-26 杭州安恒信息技术股份有限公司 Service traffic isolation method, system, readable storage medium and device
CN115086961A (en) * 2022-05-16 2022-09-20 芯原微电子(上海)股份有限公司 Wireless packet capturing method, system, device and medium based on user-defined filtering

Similar Documents

Publication Publication Date Title
CN111475705A (en) SQL query-based network service monitoring method, device, equipment and storage medium
CN111367983B (en) Database access method, system, device and storage medium
WO2019140828A1 (en) Electronic apparatus, method for querying logs in distributed system, and storage medium
US20140081925A1 (en) Managing Incident Reports
CN111866016B (en) Log analysis method and system
CN110798445B (en) Public gateway interface testing method and device, computer equipment and storage medium
CN109543891B (en) Method and apparatus for establishing capacity prediction model, and computer-readable storage medium
WO2020224100A1 (en) Blockchain configuration file processing apparatus, system, and method, and storage medium
CN111954240A (en) Network fault processing method and device and electronic equipment
CN113472798B (en) Method, device, equipment and medium for backtracking and analyzing network data packet
CN112148545A (en) Security baseline detection method and security baseline detection system of embedded system
CN111400085A (en) Transaction rollback exception processing method and device, computer equipment and storage medium
CN108768742B (en) Network construction method and device, electronic equipment and storage medium
CN111159009A (en) Pressure testing method and device for log service system
CN108959646B (en) Method, system, device and storage medium for automatically verifying communication number
CN114090514A (en) Log retrieval method and device for distributed system
CN109327433B (en) Threat perception method and system based on operation scene analysis
CN114765599A (en) Sub-domain name acquisition method and device
CN114640522B (en) Firewall security policy processing method, device, equipment and storage medium
CN115361231B (en) Host abnormal flow detection method, system and equipment based on access baseline
CN115038089B (en) Multi-terminal data monitoring and collecting method based on information extraction
CN109547290B (en) Cloud platform garbage data detection processing method, device, equipment and storage medium
CN110012023B (en) Poison-throwing type anti-climbing method, system, terminal and medium
CN109639686B (en) Distributed webpage filtering method and device, electronic equipment and storage medium
CN110798340A (en) Port information combing method, device and server

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination