CN111563069B - Probe configuration method and system of industrial control equipment - Google Patents
Probe configuration method and system of industrial control equipment Download PDFInfo
- Publication number
- CN111563069B CN111563069B CN202010374121.8A CN202010374121A CN111563069B CN 111563069 B CN111563069 B CN 111563069B CN 202010374121 A CN202010374121 A CN 202010374121A CN 111563069 B CN111563069 B CN 111563069B
- Authority
- CN
- China
- Prior art keywords
- cluster
- probe
- data processing
- processing service
- capacity
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/21—Design, administration or maintenance of databases
- G06F16/211—Schema design and management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/245—Query processing
- G06F16/2458—Special types of queries, e.g. statistical queries, fuzzy queries or distributed queries
- G06F16/2462—Approximate or statistical queries
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/27—Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
Abstract
The application relates to a probe configuration method of industrial control equipment and a probe configuration system of the industrial control equipment. The probe configuration method of the industrial control equipment comprises the following steps: the control platform stores the configuration information of the probe of the industrial control equipment into a redis database; the probe accesses the redis database to acquire and apply the configuration information. The application solves the problem of unreliable probe configuration in the related technology and realizes the beneficial effect of real-time effective probe configuration information.
Description
Technical Field
The application relates to the field of industrial control safety, in particular to a probe configuration method and a probe configuration system of industrial control equipment.
Background
In recent years, information security of industrial control systems has been of unprecedented high interest. Since the fourth industrial revolution era, the trend of the Internet of things, the actual combat of industrial control safety and the interconnection and intercommunication of industrial control equipment are gradually enhanced, and the industrial control safety still has imperfect parts in each link of detection, analysis and response.
For example, in the aspect of detection of industrial control safety, probes are usually deployed at each node of an industrial control system, and the probes scan various equipment conditions, communication conditions and safety conditions of the corresponding nodes. In the related art, a scheme of managing probes by a platform is adopted, configuration information of the probes is stored in a probe database, when the configuration information of the probes needs to be modified, the platform generally sends an mq message to the probes in an mq (message queue) manner, and the modified configuration information is stored in the probe database so that the probes can acquire new configuration information to execute a scanning task. However, in this process, there is a possibility that communication between the mq message and the probe database is abnormal, for example, the mq message is lost due to a failure of the transmission network, or a service of the probe database is closed, and these problems may cause that the probe waiting for configuration at present cannot acquire corresponding configuration information, so that the configuration information acquired by the probe is inconsistent with the configuration information designated by the platform, and thus the configuration of the probe is unreliable.
Currently, no effective solution has been proposed for the problem of unreliable probe configuration in the related art.
Disclosure of Invention
The embodiment of the application provides a probe configuration method and a probe configuration system of industrial control equipment, which are used for at least solving the problem of unreliable probe configuration in the related technology.
In a first aspect, an embodiment of the present application provides a probe configuration method for an industrial control device, including:
the control platform stores the configuration information of the probe of the industrial control equipment into a redis database;
the probe accesses the redis database to acquire and apply the configuration information.
In some embodiments, the probe accessing the redis database, the obtaining and applying the configuration information includes:
the probe executes a scanning task according to the configuration information and generates scanning data after the scanning task is completed;
the probe transmits the scan data to a kafka platform, wherein the kafka platform is configured to push the scan data to an elastesearch cluster.
In some of these embodiments, in the process that the kafka platform pushes the scan data to the elastesearch cluster, the method further comprises:
the kafka platform transmits the scanning data to a data processing service device;
and the data processing service equipment generates a pushing strategy according to a preset threshold, wherein the pushing strategy comprises pushing the scanning data to the elastiscearch cluster or refusing to push the scanning data to the elastiscearch cluster.
In some embodiments, before the data processing service device generates the push policy according to the preset threshold, the method further includes:
the control platform stores the preset threshold value into the redis database, wherein the preset threshold value comprises a preset capacity limiting threshold value and/or a preset capacity expansion threshold value;
the data processing service equipment acquires the preset capacity limiting threshold value and/or the preset capacity expansion threshold value from the redis database.
In some embodiments, the data processing service device generates the push policy according to a preset threshold value, including:
the data processing service device judges whether the capacity percentage of the elastic search cluster is larger than the preset limit Rong Yuzhi, and when the data processing service device judges that the capacity percentage of the elastic search cluster is larger than the preset limit capacity threshold, the data processing service device refuses to push the scanning data to the elastic search cluster and generates first alarm information, wherein the first alarm information is used for indicating that the capacity of the elastic search cluster is overloaded; and/or
The data processing service device judges whether the capacity percentage of the elastic search cluster is larger than the preset capacity expansion threshold, and generates second alarm information when the data processing service device judges that the capacity percentage of the elastic search cluster is larger than the preset capacity expansion threshold, wherein the second alarm information is used for indicating that the capacity of the elastic search cluster is to be expanded.
In some embodiments, the data processing service device generates the push policy according to a preset threshold value, including:
the data processing service device pushes the scanning data to the elastiscearch cluster under the condition that the data processing service device judges that the capacity percentage of the elastiscearch cluster is not larger than the preset capacity limiting threshold; and/or
And under the condition that the data processing service equipment judges that the capacity percentage of the elastic search cluster is not larger than the preset capacity expansion threshold, the data processing service equipment pushes the scanning data to the elastic search cluster.
In some embodiments, after the data processing service device generates the push policy according to a preset threshold, the method further includes:
the control platform accesses the elastiscearch cluster, and acquires the scanning data from the elastiscearch cluster; or alternatively
The control platform accesses the elastiscearch cluster, and obtains alarm information for representing the capacity percentage condition of the elastiscearch cluster from the elastiscearch cluster.
In some of these embodiments, after the control platform accesses the elastesearch cluster, and obtains alert information from the elastesearch cluster that indicates a capacity percentage of the elastesearch cluster, the method further includes:
the control platform responds to the alarm information and generates an adjustment instruction, wherein the adjustment instruction is used for indicating the elastic search cluster to limit or expand the capacity;
and sending the adjustment instruction to the elastiscearch cluster.
In a second aspect, an embodiment of the present application further provides a probe configuration system of an industrial control device, including: the system comprises a probe, a control platform and a redis database, wherein the redis database is respectively coupled with the probe and the control platform;
the control platform is used for storing configuration information of a probe of the industrial control equipment into a redis database;
the probe is used for accessing the redis database to acquire and apply the configuration information.
In some of these embodiments, further comprising:
a kafka platform, an elastiscsearch cluster, and a data processing service device; wherein, the liquid crystal display device comprises a liquid crystal display device,
the redis database is coupled with the data processing service equipment;
the data processing service device is coupled with the kafka platform and the elastiscearch cluster respectively;
the control platform is coupled with the elastesearch cluster.
Compared with the related art, the probe configuration method and the probe configuration system of the industrial control equipment provided by the embodiment of the application have the advantages that the configuration information of the probe of the industrial control equipment is stored in the redis database through the control platform, the probe accesses the redis database to acquire and apply the configuration information, the problem of unreliable probe configuration in the related art is solved, and the beneficial effect of real-time validation of the probe configuration information is realized.
The details of one or more embodiments of the application are set forth in the accompanying drawings and the description below to provide a more thorough understanding of the other features, objects, and advantages of the application.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this specification, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute a limitation on the application. In the drawings:
fig. 1 is a flowchart of a probe configuration method of an industrial control device according to an embodiment of the present application;
fig. 2 is a general flow diagram of a probe configuration method of an industrial control device according to a preferred embodiment of the present application;
FIG. 3 is a schematic block diagram of a probe configuration system of an industrial control device according to an embodiment of the present application;
fig. 4 is a schematic diagram showing data interaction of a probe configuration system of an industrial control device according to a preferred embodiment of the present application.
Description of the drawings: 301. a probe; 302. a control platform; 303. a redis database; 304. a kafka platform; 305. an elastiscearch cluster; 306. a data processing service device.
Detailed Description
The present application will be described and illustrated with reference to the accompanying drawings and examples in order to make the objects, technical solutions and advantages of the present application more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application. All other embodiments, which can be made by a person of ordinary skill in the art based on the embodiments provided by the present application without making any inventive effort, are intended to fall within the scope of the present application.
It is apparent that the drawings in the following description are only some examples or embodiments of the present application, and it is possible for those of ordinary skill in the art to apply the present application to other similar situations according to these drawings without inventive effort. Moreover, it should be appreciated that while such a development effort might be complex and lengthy, it would nevertheless be a routine undertaking of design, fabrication, or manufacture for those of ordinary skill having the benefit of this disclosure, and thus should not be construed as having the benefit of this disclosure.
Reference in the specification to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment may be included in at least one embodiment of the application. The appearances of such phrases in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is to be expressly and implicitly understood by those of ordinary skill in the art that the described embodiments of the application can be combined with other embodiments without conflict.
Unless defined otherwise, technical or scientific terms used herein should be given the ordinary meaning as understood by one of ordinary skill in the art to which this application belongs. The terms "a," "an," "the," and similar referents in the context of the application are not to be construed as limiting the quantity, but rather as singular or plural. The terms "comprising," "including," "having," and any variations thereof, are intended to cover a non-exclusive inclusion; for example, a process, method, system, article, or apparatus that comprises a list of steps or modules (elements) is not limited to only those steps or elements but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus. The terms "connected," "coupled," and the like in connection with the present application are not limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. The term "plurality" as used herein means two or more. "and/or" describes an association relationship of an association object, meaning that there may be three relationships, e.g., "a and/or B" may mean: a exists alone, A and B exist together, and B exists alone. The character "/" generally indicates that the context-dependent object is an "or" relationship. The terms "first," "second," "third," and the like, as used herein, are merely distinguishing between similar objects and not representing a particular ordering of objects.
The various techniques described in the present application may be used in an industrial control security monitoring and auditing system, where the industrial control security monitoring and auditing system may be a system that includes functions such as industrial control system attack detection, industrial control system intrusion detection, industrial control key event detection, network alarm event statistics, industrial control behavior model presentation, industrial control network connection statistics, etc.
The embodiment provides a probe configuration method of industrial control equipment. Fig. 1 is a flowchart of a probe configuration method of an industrial control device according to an embodiment of the present application, as shown in fig. 1, the flowchart includes the following steps:
step S101, the control platform stores configuration information of a probe of the industrial control equipment into a redis database.
The control platform is configured to control the configuration operation of one or more probes and also to view the scan summary results of each probe. The control platform may generate configuration information according to user input, where the configuration information is used to instruct the probe to perform a scanning task, and the configuration information includes, but is not limited to, a scanning level, a scanning frequency, and a scanning range of the probe.
In the related art, after generating the configuration information, the control platform may lose the configuration information due to a transmission problem in a process of transmitting the configuration information to the probe, so that the probe cannot be configured. Aiming at the phenomenon, the control platform in the embodiment stores the configuration information into the redis database, so that the persistent storage of the configuration information is realized, and the phenomenon of configuration information loss caused by the transmission problem in the process of transmitting the configuration information to the probe is avoided. Wherein, redis is an open source, written in ANSI C (American National Standards Institute C, standardized by the american national standards institute) language C, supporting network, log-type, key-Value database which can be based on memory and also can be persistent, and providing API (Application Programming Interface, application program interface) of multiple languages.
Step S102, the probe accesses the redis database to acquire and apply the configuration information.
The probe is configured to be deployed on an industrial control device, capable of scanning the industrial control device, and generating scan data. The scan data includes, but is not limited to, network communication conditions of the industrial control device and risk conditions of the industrial control device.
The probe of the embodiment can access the redis database in real time, and the instantaneity of acquiring the configuration information is ensured, so that the configuration operation is ensured to take effect in real time.
Compared with the probe configuration method in the related art, the embodiment introduces the redis database to realize the storage of the configuration information, accesses the redis database in real time through the probe to acquire the configuration information, solves the problem of unreliable probe configuration in the related art, and realizes the beneficial effect of real-time validation of the probe configuration information.
In some real-time examples, when the probe is closed, the control platform can control the configuration information stored in the redis database to ensure that the configuration information acquired by the probe accessing from the redis database is the latest configuration information after the probe is started, so that the timeliness of the configuration information is further improved.
In addition, compared with other databases, the redis database has the advantage of high-speed query, and is beneficial to ensuring consistency of configuration information in the process of transmitting the configuration information between the redis database and the probe.
In order to ensure the real-time performance of the scanning data, in some embodiments, in the process that the probe accesses the redis database and obtains and applies the configuration information, the probe executes the scanning task according to the configuration information and generates the scanning data after the execution of the scanning task is completed; the probe sends the scan data to a kafka platform, which is used to push the scan data to an elastesearch cluster.
Among other things, kafka is a high-throughput distributed publish-subscribe messaging system that can handle all action flow data for consumers in a web site. The elastesearch is a search server based on Lucene (full text search engine) and provides a distributed multi-user full text search engine, and an elastesearch cluster comprises a plurality of elastesearch servers, which are used for improving the statistical query efficiency of scanned data on one hand and the storage amount of the scanned data on the other hand.
In this embodiment, after the probe performs a scanning task according to the configuration information, the generated scanning data is sent to the kafka, and the elastic search cluster can receive the scanning data pushed from the kafka in real time, and after receiving the scanning data, the elastic search cluster realizes storage and statistics of the scanning data, so that instantaneity of the scanning data is ensured.
In the related art, for the scanning data acquired by the probe, when the scanning data volume is too large, a method for deleting the historical data at regular time is generally adopted to meet the storage requirement, but the method is not beneficial to searching the historical data, and the utilization rate of the data is reduced. For this case, in some of the embodiments, the kafka platform transmits the scan data to the data processing service device; the data processing service equipment generates a pushing strategy according to a preset threshold, wherein the pushing strategy comprises pushing the scanning data to the elastesearch cluster or refusing to push the scanning data to the elastesearch cluster.
In this embodiment, the data processing service device is configured to process the scan data in the kafka platform, and may access the capacity percentage of the elastesearch cluster according to a preset period, and compare the capacity percentage of the elastesearch cluster with a preset threshold value, so as to generate a push policy, where the push policy is used to push or reject pushing the scan data to the elastesearch cluster, so as to ensure that the capacity percentage of the elastesearch cluster is maintained within a relatively reasonable range. Compared with the method for meeting the storage requirement by directly deleting the historical data in the related art, the method of the embodiment is beneficial to guaranteeing the integrity and the historic property of the scanned data.
In some of these embodiments, the preset threshold may be generated by a control platform that stores the preset threshold to the redis database, wherein the preset threshold includes a preset capacity limiting threshold and/or a preset capacity expansion threshold; the data processing service equipment acquires a preset capacity limiting threshold value and/or a preset capacity expansion threshold value from the redis database.
In this embodiment, the data processing service device is configured to be capable of accessing the redis database according to a preset period, obtaining a preset threshold value therefrom, and generating a push policy according to the preset threshold value. Based on the innovation of the redis database, the embodiment can realize the persistence and real-time storage of the preset threshold value. As a specific implementation manner, the control platform can control the redis database to modify the preset threshold under the condition that the data processing service equipment is closed, and after the data processing service equipment is started, the preset threshold accessed by the data processing service equipment from the redis database is ensured to be the latest preset threshold, so that timeliness of the preset threshold is ensured.
In addition, a preset threshold is generated through the control platform, and a capacity limiting or expanding reference is provided for the capacity percentage of the elastic search cluster, so that the kafka is constrained to push the scanning data to the elastic search cluster, the control platform is used for managing the scanning data and the equipment for storing and transmitting the scanning data, and the full right management of the scanning data flow direction is achieved.
The process of generating the push policy by the data processing service device according to the preset threshold is described in a classification manner below.
(1) The data processing service device judges whether the capacity percentage of the elastic search cluster is larger than a preset limit Rong Yuzhi, and when the data processing service device judges that the capacity percentage of the elastic search cluster is larger than the preset limit capacity threshold, the data processing service device refuses to push scanning data to the elastic search cluster and generates first alarm information, wherein the first alarm information is used for indicating that the capacity of the elastic search cluster is overloaded.
(2) Otherwise, under the condition that the data processing service equipment judges that the capacity percentage of the elastic search cluster is not larger than the preset capacity limiting threshold value, the data processing service equipment pushes the scanning data to the elastic search cluster.
(3) The data processing service device judges whether the capacity percentage of the elastic search cluster is larger than a preset capacity expansion threshold, and generates second alarm information when the data processing service device judges that the capacity percentage of the elastic search cluster is larger than the preset capacity expansion threshold, wherein the second alarm information is used for indicating that the capacity of the elastic search cluster is to be expanded.
(4) Otherwise, under the condition that the data processing service equipment judges that the capacity percentage of the elastic search cluster is not larger than the preset capacity expansion threshold, the data processing service equipment pushes the scanning data to the elastic search cluster.
In the above cases, the data processing service apparatus filters the scan data from the kafka by the preset threshold, lightens the load of the elastesearch cluster, or improves the storage efficiency of the elastesearch cluster, thereby functioning to improve the capacity percentage of the elastesearch cluster.
Based on the advantages of the elastesearch cluster in statistics and query efficiency, in some of these embodiments, the control platform accesses the elastesearch cluster, obtaining scan data from the elastesearch cluster; or the control platform accesses the elastiscearch cluster and acquires alarm information for representing the capacity percentage condition of the elastiscearch cluster from the elastiscearch cluster.
In this embodiment, the control platform is configured to be capable of accessing the elastesearch cluster in real time, and acquiring scan data or alarm information from the elastesearch cluster, so as to improve efficiency of data query and statistics.
In some real-time examples, the control platform can respond to the accessed alarm information to generate an adjustment instruction, wherein the adjustment instruction is used for indicating the elastesearch cluster to limit or expand the capacity; the control platform sends an adjustment instruction to the elastiscearch cluster.
In the real-time example, under the condition that the control platform accesses the first alarm information, the control platform responds to the first alarm information to generate an adjusting instruction for adjusting the capacity percentage of the elastic search cluster, and adjusts the capacity percentage of the elastic search cluster to be lower than a preset capacity limiting threshold value to prevent the overload breakdown of the elastic search cluster. As a specific implementation, the control platform can be reminded to add the elastesearch service to the elastesearch cluster according to the prompt of the first alarm message so as to increase the capacity of the elastesearch cluster.
Under the condition that the control platform accesses the second alarm information, the control platform responds to the second alarm information to generate an adjusting instruction for adjusting the capacity percentage of the elastic search cluster, the capacity percentage of the elastic search cluster is adjusted to be lower than a preset capacity expansion threshold, and the utilization rate of the elastic search cluster is improved. As a specific implementation manner, the control platform can be reminded to reduce the elastiscearch service to the elastiscearch cluster according to the prompt of the second alarm message so as to save the occupied resources of the elastiscearch service.
FIG. 2 is a general flow chart of a probe configuration method of an industrial control device according to a preferred embodiment of the present application, as shown in FIG. 2, a control platform issues probe configuration to a redis database for storing configuration information of the probe in the redis data, so as to ensure full rights management of the control platform to probe configuration; and when the probe is in fault or downtime, the control platform can restore the configuration operation of the probe after the probe is started by operating the redis database.
The probe reads the configuration information in the redis database in real time, so that the instantaneity of the control platform on probe configuration establishment can be ensured.
The probe executes a scanning task according to the configuration information acquired in real time, namely, corresponding industrial control equipment is scanned in real time, and the dynamic effect of probe configuration is ensured.
The method comprises the steps of pushing the scanning data to a kafka platform, wherein the kafka platform supports pushing of large concurrency (hundreds of millions), real-time performance and effectiveness of the scanning data can be guaranteed, and the kafka is used for pushing the scanning data to an elastesearch cluster, and the elastesearch cluster supports statistics and access of large data volume.
The data processing service device receives the data through the kafka platform and filters the scanned data to adjust the capacity percentage of the elastesearch cluster.
The data processing service equipment acquires a preset threshold through the redis database, wherein the preset threshold comprises two gears, one gear is a preset capacity limiting threshold, and the other gear is a preset capacity expansion threshold.
The data processing service equipment judges whether the capacity percentage of the elastic search cluster is larger than a preset limit Rong Yuzhi, and pushes the alarm information of the elastic search cluster and discards the current scanning data under the condition that the capacity percentage of the elastic search cluster is larger than the preset limit capacity threshold, so that overload breakdown of the elastic search cluster is prevented; otherwise, under the condition that the capacity percentage of the elastic search cluster is not larger than the preset capacity limiting threshold, the data processing service equipment pushes the scanning data to the elastic search cluster for query by the control platform.
The data processing service equipment judges whether the capacity percentage of the elastic search cluster is larger than a preset capacity expansion threshold, and pushes the alarm information of the elastic search cluster under the condition that the capacity percentage of the elastic search cluster is larger than the preset capacity expansion threshold, and the console is highlighted and a popup window displays the alarm information so as to prompt a user that the elastic search cluster has a large space and the capacity of the elastic search cluster is to be amplified; otherwise, under the condition that the capacity percentage of the elastic search cluster is not larger than the preset capacity expansion threshold, the data processing service equipment pushes the scanning data to the elastic search cluster for query by the control platform.
The control platform can query the scan data of the individual probes through the elastesearch cluster.
The preferred embodiment provides a platform probe control scheme based on elasticSearch, redis and kafka implementation in the industrial control industry. The control platform fully controls the configuration of the probe through a redis database, pushes the scanning data obtained by scanning the probe to the kafka platform, the data processing service equipment receives the scanning data through the kafka platform and stores the scanning data on an elastic search cluster, the data quantity threshold value on the redis database can be acquired regularly, and the sizes of the current cluster capacity and the capacity expansion threshold value are compared to determine whether to send a data quantity threshold value notification message to the elastic search cluster; comparing the current cluster capacity with the capacity limiting threshold value to determine whether to continue pushing the scanning data to the cluster. The control platform directly reads the scanning data and the data quantity threshold notification message of each probe from the elastic search cluster, so that the control platform can query the scanning result of the probe in real time, acquire the network topology and the network flow fluctuation trend of the whole industrial control system, and discover the network risk in real time; through the data volume threshold reminding function, the problems of insufficient cluster memory and data unfocused are solved.
In summary, the advantages of the above embodiments of the present application compared to the related art include at least the following:
(1) The control platform can inform the probe configuration in real time through the redis database each time, can store the probe configuration on the redis database for a long time, ensures the real-time performance and persistence of the configuration information, and realizes reliable probe configuration.
(2) The scanning data is pushed to the kafka platform through the probe, and then the scanning data is stored in the elastic search cluster, so that the centralized management of the scanning data is realized; and the capacity expansion and capacity limitation of the storage service are realized through the judgment of a second gear threshold, wherein the second gear threshold is a preset capacity limitation threshold and a preset capacity expansion threshold.
In addition, the probe configuration method of the industrial control device according to the embodiment of the present application described in connection with fig. 1 may be implemented by a probe configuration system of the industrial control device. Fig. 3 is a schematic block diagram of a probe configuration system of an industrial control device according to an embodiment of the present application, and as shown in fig. 3, the system includes: a probe 301, a control platform 302, and a redis database 303, wherein the redis database 303 is coupled to the probe 301 and the control platform 302, respectively; the control platform 302 is used for storing configuration information of the probe 301 of the industrial control equipment into the redis database 303; the probe 301 is used to access the redis database 303, obtain and apply configuration information.
FIG. 4 shows a data interaction schematic of a probe configuration system of an industrial control device according to a preferred embodiment of the present application, as shown in FIG. 4, the probe configuration system includes a kafka platform 304, an elastic search cluster 305, and a data processing service device 306; wherein redis database 303 is coupled to data processing services apparatus 306; the data processing service device 306 is coupled to the kafka platform 304 and the elastic search cluster 305, respectively; the control platform 302 is coupled to an elastesearch cluster 305. The data interaction principle of the system is as follows:
the control platform is used for transmitting configuration information and a second gear threshold value to the redis database, wherein the second gear threshold value is a preset capacity limiting threshold value and a preset capacity expansion threshold value. The probe is used for implementing scanning the redis database to acquire configuration information, and executing a scanning task according to the configuration information to generate scanning data, and the probe pushes the scanning data to the kafka platform. The kafka platform is used for transmitting the scanning data to the elastesearch cluster, wherein the pushing of the scanning data is performed between the kafka platform and the elastesearch cluster through a data processing service. The data processing service equipment is used for controlling pushing of the scanning data, acquiring a second-gear threshold value from a redis database, acquiring cluster capacity percentages from an elastic search cluster, and comparing the cluster capacity percentages with a preset capacity limiting threshold value or a preset capacity expansion threshold value respectively to generate a pushing strategy. The push policy is described in the above embodiments, and will not be described herein. The control platform is also used for inquiring the elastic search cluster and acquiring corresponding alarm information and scanning data.
In the related art, the configuration information of the probe is usually stored locally in the probe, but in the embodiment, the configuration information is stored in the redis database, compared with the related art, the embodiment ensures that the control platform can control the configuration of the probe in real time and permanently, realizes the full-right management, real-time and permanent management of the platform on the probe, and realizes reliable probe configuration. At the same time, the possibility of data loss and data inconsistency is reduced.
In addition, in the related art, the scanning data is usually stored in the local part of the probe, and the scanning data exceeding the time is deleted, but in the embodiment, the scanning data is pushed to the elastic search cluster through the kafka platform, so that the data centralization is ensured, and the data can be centralized in real time. Through the judgment of the second-gear threshold value, the capacity expansion capacity and capacity limiting capacity of the scanning data storage service are guaranteed, and the occurrence of breakdown condition is avoided, so that the integrity and the historic performance of the scanning data are guaranteed, and the query statistics efficiency is improved.
The technical features of the above-described embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above-described embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.
The above examples illustrate only a few embodiments of the application, which are described in detail and are not to be construed as limiting the scope of the application. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the application, which are all within the scope of the application. Accordingly, the scope of protection of the present application is to be determined by the appended claims.
Claims (10)
1. The probe configuration method of the industrial control equipment is characterized by comprising the following steps of:
the control platform stores the configuration information of the probe of the industrial control equipment into a redis database;
the probe accesses the redis database in real time to acquire and apply the configuration information;
the probe generates scanning data and sends the scanning data to the kafka platform;
the kafka platform transmits the scanning data to a data processing service device;
the data processing service equipment judges whether the capacity percentage of the elastic search cluster is larger than a preset limit Rong Yuzhi;
and under the condition that the capacity percentage of the elastic search cluster is larger than the preset capacity limiting threshold value, discarding the current scanning data by the data processing service equipment.
2. The probe configuration method of an industrial control device according to claim 1, wherein the probe accesses the redis database in real time, and acquiring and applying the configuration information includes:
the probe executes a scanning task according to the configuration information and generates the scanning data after the scanning task is completed;
the probe sends the scan data to the kafka platform, wherein the kafka platform is configured to push the scan data to the elastesearch cluster.
3. The probe configuration method of an industrial control device according to claim 2, wherein in a process that the kafka platform pushes the scan data to the elastic search cluster, the method further comprises:
the kafka platform transmits the scanning data to the data processing service device;
and the data processing service equipment generates a pushing strategy according to a preset threshold, wherein the pushing strategy comprises pushing the scanning data to the elastiscearch cluster or refusing to push the scanning data to the elastiscearch cluster.
4. The probe configuration method of an industrial control device according to claim 3, wherein before the data processing service device generates a push policy according to a preset threshold, the method further comprises:
the control platform stores the preset threshold value into the redis database, wherein the preset threshold value comprises the preset capacity limiting threshold value and/or a preset capacity expansion threshold value;
the data processing service equipment acquires the preset capacity limiting threshold value and/or the preset capacity expansion threshold value from the redis database.
5. The method for configuring a probe of an industrial control device according to claim 4, wherein the data processing service device generating a push policy according to a preset threshold value includes:
the data processing service device judges whether the capacity percentage of the elastic search cluster is larger than the preset limit Rong Yuzhi, and when the data processing service device judges that the capacity percentage of the elastic search cluster is larger than the preset limit capacity threshold, the data processing service device refuses to push the scanning data to the elastic search cluster and generates first alarm information, wherein the first alarm information is used for indicating that the capacity of the elastic search cluster is overloaded; and/or
The data processing service device judges whether the capacity percentage of the elastic search cluster is larger than the preset capacity expansion threshold, and generates second alarm information when the data processing service device judges that the capacity percentage of the elastic search cluster is larger than the preset capacity expansion threshold, wherein the second alarm information is used for indicating that the capacity of the elastic search cluster is to be expanded.
6. The probe configuration method of the industrial control device according to claim 5, wherein the data processing service device generating a push policy according to a preset threshold value includes:
the data processing service device pushes the scanning data to the elastiscearch cluster under the condition that the data processing service device judges that the capacity percentage of the elastiscearch cluster is not larger than the preset capacity limiting threshold; and/or
And under the condition that the data processing service equipment judges that the capacity percentage of the elastic search cluster is not larger than the preset capacity expansion threshold, the data processing service equipment pushes the scanning data to the elastic search cluster.
7. The probe configuration method of an industrial control device according to any one of claims 5 or 6, wherein after the data processing service device generates a push policy according to a preset threshold, the method further comprises:
the control platform accesses the elastiscearch cluster, and acquires the scanning data from the elastiscearch cluster; or alternatively
The control platform accesses the elastiscearch cluster, and obtains alarm information for representing the capacity percentage condition of the elastiscearch cluster from the elastiscearch cluster.
8. The probe configuration method of an industrial control device according to claim 7, wherein after the control platform accesses the elastesearch cluster and obtains alarm information indicating a capacity percentage of the elastesearch cluster from the elastesearch cluster, the method further comprises:
the control platform responds to the alarm information and generates an adjustment instruction, wherein the adjustment instruction is used for indicating the elastic search cluster to limit or expand the capacity;
and sending the adjustment instruction to the elastiscearch cluster.
9. A probe configuration system for an industrial control device, comprising: a probe, a control platform, a redis database, a kafka platform, an elastiscsearch cluster, and a data processing service device, wherein the redis database is coupled with the probe and the control platform, respectively;
the control platform is used for storing configuration information of a probe of the industrial control equipment into a redis database;
the probe is used for accessing the redis database in real time, acquiring and applying the configuration information, generating scanning data and sending the scanning data to the kafka platform;
the kafka platform is used for sending the scanning data to the data processing service equipment;
the data processing service device is configured to determine whether a capacity percentage of the elastiscearch cluster is greater than a preset limit Rong Yuzhi, and discard current scan data when it is determined that the capacity percentage of the elastiscearch cluster is greater than the preset limit capacity threshold.
10. The probe configuration system of an industrial control device according to claim 9, wherein:
the redis database is coupled with the data processing service equipment;
the data processing service device is coupled with the kafka platform and the elastiscearch cluster respectively;
the control platform is coupled with the elastesearch cluster.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010374121.8A CN111563069B (en) | 2020-05-06 | 2020-05-06 | Probe configuration method and system of industrial control equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010374121.8A CN111563069B (en) | 2020-05-06 | 2020-05-06 | Probe configuration method and system of industrial control equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111563069A CN111563069A (en) | 2020-08-21 |
| CN111563069B true CN111563069B (en) | 2023-09-19 |
Family
ID=72070828
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010374121.8A Active CN111563069B (en) | 2020-05-06 | 2020-05-06 | Probe configuration method and system of industrial control equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111563069B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113837703B (en) * | 2021-10-27 | 2023-09-19 | 江苏物润船联网络股份有限公司 | Automatic check method for quantitative weight prevention of logistics waybill carrying information in real time |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2003009175A1 (en) * | 2001-07-19 | 2003-01-30 | Nice Systems Ltd. | Method, apparatus and system for capturing and analyzing interaction based content |
| CN103123466A (en) * | 2011-11-10 | 2013-05-29 | 洛克威尔自动控制技术股份有限公司 | Implementing engineering unit conversions associated with control devices |
| CN106338976A (en) * | 2016-10-08 | 2017-01-18 | 中冶华天工程技术有限公司 | Remote intelligent industrial control system and control method thereof |
| CN107357896A (en) * | 2017-07-13 | 2017-11-17 | 北京小度信息科技有限公司 | Expansion method, device, system and the data base cluster system of data-base cluster |
| CN108924202A (en) * | 2018-06-25 | 2018-11-30 | 郑州云海信息技术有限公司 | A kind of the data disaster tolerance method and relevant apparatus of distributed type assemblies |
| CN108932303A (en) * | 2018-06-12 | 2018-12-04 | 中国电子科技集团公司第二十八研究所 | A kind of distribution visual remote sensing image Detection dynamic target and analysis system |
| CN110336808A (en) * | 2019-06-28 | 2019-10-15 | 南瑞集团有限公司 | A kind of attack source tracing method and system towards electric power industry control network |
-
2020
- 2020-05-06 CN CN202010374121.8A patent/CN111563069B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2003009175A1 (en) * | 2001-07-19 | 2003-01-30 | Nice Systems Ltd. | Method, apparatus and system for capturing and analyzing interaction based content |
| CN103123466A (en) * | 2011-11-10 | 2013-05-29 | 洛克威尔自动控制技术股份有限公司 | Implementing engineering unit conversions associated with control devices |
| CN106338976A (en) * | 2016-10-08 | 2017-01-18 | 中冶华天工程技术有限公司 | Remote intelligent industrial control system and control method thereof |
| CN107357896A (en) * | 2017-07-13 | 2017-11-17 | 北京小度信息科技有限公司 | Expansion method, device, system and the data base cluster system of data-base cluster |
| CN108932303A (en) * | 2018-06-12 | 2018-12-04 | 中国电子科技集团公司第二十八研究所 | A kind of distribution visual remote sensing image Detection dynamic target and analysis system |
| CN108924202A (en) * | 2018-06-25 | 2018-11-30 | 郑州云海信息技术有限公司 | A kind of the data disaster tolerance method and relevant apparatus of distributed type assemblies |
| CN110336808A (en) * | 2019-06-28 | 2019-10-15 | 南瑞集团有限公司 | A kind of attack source tracing method and system towards electric power industry control network |
Non-Patent Citations (1)
| Title |
|---|
| 赵晓峰 ; .基于OPC技术的Web工控系统的研究与实现.自动化与仪表.2016,(02),全文. * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111563069A (en) | 2020-08-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9246777B2 (en) | Computer program and monitoring apparatus | |
| US20080141261A1 (en) | Resource Management System, Resource Information Providing Method and Program | |
| US8001150B2 (en) | Device management method using nodes having additional attribute and device management client thereof | |
| CN106059825A (en) | Distributed system and configuration method | |
| CN111782692B (en) | Frequency control method and device | |
| CN109783151B (en) | Method and device for rule change | |
| CN112597249B (en) | Synchronous distribution storage method and system for service data | |
| CN112698952A (en) | Unified management method and device for computing resources, computer equipment and storage medium | |
| CN111563069B (en) | Probe configuration method and system of industrial control equipment | |
| CN108881379B (en) | Method and device for data synchronization between server clusters | |
| CN114629883B (en) | Service request processing method and device, electronic equipment and storage medium | |
| CN115617527A (en) | Management method, configuration method, management device and configuration device of thread pool | |
| CN111782666A (en) | Cache service system | |
| JP5560641B2 (en) | Data management apparatus, data management program, and data management method | |
| CN105681404A (en) | Metadata node management method and device of distributed cache system | |
| US8335824B2 (en) | Methods, systems, and computer program products for providing metadata subscription services | |
| CN114153609A (en) | Resource control method and device, electronic equipment and computer readable storage medium | |
| EP1622310A2 (en) | Administration system for network management systems | |
| CN111352746B (en) | Message flow limiting method and storage medium | |
| CN112698929A (en) | Information acquisition method and device | |
| CN113765690A (en) | Cluster switching method, system, device, terminal, server and storage medium | |
| CN111475315A (en) | Server and subscription notification push control and execution method | |
| WO2023065900A1 (en) | Device state message processing method and message distribution system | |
| CN111026606A (en) | Alarm method and device based on hystrix fuse monitoring and computer equipment | |
| CN116016117A (en) | Network equipment operation and maintenance data acquisition method and system, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |