CN111897789A - Log generation method and device - Google Patents

Publication number: CN111897789A
Authority: CN (China)
Prior art keywords: log, application, recorded, message, identifier
Legal status: Granted, Active
Application number: CN202010681886.6A
Other languages: Chinese (zh)
Other versions: CN111897789B (en)
Inventors: 于达, 高健媛, 张磊, 陈平, 蔺东
Current Assignee: China Travelsky Holding Co
Original Assignee: China Travelsky Holding Co

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/18 File system types
    • G06F16/1805 Append-only file systems, e.g. using logs or journals to store data
    • G06F16/1815 Journaling file systems
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/30 Monitoring
    • G06F11/34 Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation; Recording or statistical evaluation of user activity, e.g. usability assessment
    • G06F11/3466 Performance evaluation by tracing or monitoring
    • G06F11/3476 Data logging
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The invention discloses a log generation method and device. An application message to be recorded, generated while an application program is running, is acquired; application attribute parameters are added to it to obtain log information; a log file is generated at a preset location according to the configuration parameters in a pre-loaded log file generation policy; and the log information is stored in the log file. Because the contents of the application attribute parameters added to the message are the contents of the preset final log format, the method unifies the log generation specification. This effectively resolves the inconsistency of log names, log formats and log contents generated by different application programs and improves the operation and maintenance efficiency of the application system.

Description

Log generation method and device
Technical Field
The invention relates to the technical field of log generation, in particular to a log generation method and device.
Background
A log records the various information generated while an application program runs, for use in later maintenance. The log is one of the important files in the operation of an application system and plays an important role in its maintenance and management. When the application system suffers an operational failure, the failure can be investigated from the log records.
At present, development teams have no unified standard for log generation. The log names, log formats and log contents produced when an application program runs are agreed between developers and operators on the basis of their own experience. Because these differ from one application program to another, log contents are often hard to search or log records are incomplete, which makes operation and maintenance of the application system difficult.
Disclosure of Invention
In view of this, the present invention discloses a log generation method and device that unify the log generation specification, thereby effectively resolving the inconsistency of log names, log formats and log contents generated by different application programs and improving the operation and maintenance efficiency of the application system.
A log generation method, comprising:
acquiring an application message to be recorded that is generated while an application program is running;
adding application attribute parameters to the application message to be recorded to obtain log information, where the contents of the application attribute parameters are the contents of the preset final log format;
generating a log file at a preset location according to configuration parameters in a pre-loaded log generation policy; and
storing the log information in the log file.
A log generation device, comprising:
an application message acquisition module, configured to acquire the application message to be recorded that is generated while the application program is running;
a message preprocessing module, configured to add application attribute parameters to the application message to be recorded to obtain log information, where the contents of the application attribute parameters are the contents of the preset final log format; and
a log generation module, configured to generate a log file at a preset location according to the configuration parameters in the pre-loaded log generation policy and to store the log information in the log file.
As the above technical solution shows, the invention discloses a log generation method and device that acquire an application message to be recorded, generated while an application program is running, add application attribute parameters to it to obtain log information, generate a log file at a preset location according to the configuration parameters in a pre-loaded log generation policy, and store the log information in the log file. Because the contents of the application attribute parameters added to the message are the contents of the preset final log format, the method unifies the log generation specification. This effectively resolves the inconsistency of log names, log formats and log contents generated by different application programs and improves the operation and maintenance efficiency of the application system.
Drawings
The above and other features, advantages and aspects of various embodiments of the present disclosure will become more apparent by referring to the following detailed description when taken in conjunction with the accompanying drawings. Throughout the drawings, the same or similar reference numbers refer to the same or similar elements. It should be understood that the drawings are schematic and that elements and features are not necessarily drawn to scale.
FIG. 1 is a flowchart of a log generation method disclosed in an embodiment of the present invention;
FIG. 2 is a flowchart of a method for preventing log injection in a log generation process according to an embodiment of the present invention;
FIG. 3 is a flowchart of a method for loading a log generation policy according to an embodiment of the present invention;
FIG. 4 is an architecture diagram of a log generation component system in the log generation apparatus according to the embodiment of the present invention;
FIG. 5 is a schematic structural diagram of a log generating component in the log generating apparatus according to the embodiment of the present invention;
FIG. 6 is a schematic structural diagram of a policy acquisition component in the log generating apparatus according to the embodiment of the present invention.
Detailed Description
Embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While certain embodiments of the present disclosure are shown in the drawings, it is to be understood that the present disclosure may be embodied in various forms and should not be construed as limited to the embodiments set forth herein, but rather are provided for a more thorough and complete understanding of the present disclosure. It should be understood that the drawings and embodiments of the disclosure are for illustration purposes only and are not intended to limit the scope of the disclosure.
The term "include" and variations thereof as used herein are open-ended, i.e., "including but not limited to". The term "based on" is "based, at least in part, on". The term "one embodiment" means "at least one embodiment"; the term "another embodiment" means "at least one additional embodiment"; the term "some embodiments" means "at least some embodiments". Relevant definitions for other terms will be given in the following description.
It should be noted that the terms "first", "second", and the like in the present disclosure are only used for distinguishing different devices, modules or units, and are not used for limiting the order or interdependence relationship of the functions performed by the devices, modules or units.
It should be noted that the modifiers "a", "an" and "the" in this disclosure are illustrative rather than limiting, and those skilled in the art will understand them to mean "one or more" unless the context clearly dictates otherwise.
The embodiment of the invention discloses a log generation method and device that acquire an application message to be recorded, generated while an application program is running, add application attribute parameters to it to obtain log information, process the log information according to the configuration parameters in a pre-loaded log generation policy to obtain the log corresponding to the log information, and store the log in a log file. Because the contents of the application attribute parameters added to the message are the contents of the preset final log format, the method unifies the log generation specification. This effectively resolves the inconsistency of log names, log formats and log contents generated by different application programs and improves the operation and maintenance efficiency of the application system.
Referring to FIG. 1, a flowchart of the log generation method disclosed in an embodiment of the present invention, the method includes:
Step S101: acquiring an application message to be recorded that is generated while an application program is running.
The application message to be recorded comes from two sources. One is state information generated while the application program runs, such as fault alarms and normal informational output. The other is an interface that the application program opens to users: a user can pass information to the application program through the interface, and the application program records that information as a log.
Step S102: adding application attribute parameters to the application message to be recorded to obtain log information.
It should be noted that the contents of the application attribute parameters are the contents of the preset final log format.
The application attribute parameters may include the following:
1. Identifier: comprises a log identifier and an injection identifier, where the injection identifier is used to counter log injection attacks.
2. Message time: records when the information occurred.
3. Machine name: records the name of the physical machine on which the application runs.
4. Application name: the name of the application at run time, which can be set by the application program.
5. Message level: the level of the incoming message, recorded in the log.
6. Process name/thread name: the process name and thread name under which the application program runs on the server.
7. Related messages generated at application run time, including: global transaction ID, calling number, session ID/work area and asynchronous calling message number.
8. Log level: the level of the log record. The log levels include: the normal log levels (Debug/Info/Warn/Error/Fatal), a performance log level and a trace log level.
9. Message passed in by the application: an external message that the application needs to record, or a state arising from its own operation.
Step S103: generating a log file at a preset location according to configuration information in a pre-loaded log generation policy.
Specifically, in practical application, the generated log information may be stored in a log file under a preset log storage path.
The name of the log file comprises: application name, log level, log time and log number.
The configuration parameters in the log generation policy include the following:
1. Name of the application at run time; 2. Log output path; 3. Outputable log level; 4. Time record format; 5. Size of a single log file.
Step S104: storing the log information in the log file.
Specifically, the parts of the log file name are:
1. Application name: the name of the application at run time, which can be set by the application.
2. Log level: the level of the log record.
3. Log time: records when the log was created.
4. Log number: determined by the single log file size configured by the application. If the volume of log records exceeds the maximum limit, a new log is created; the application name, log level and log time in the new log's name are the same as in the original log name, the log number is incremented by one, and subsequent content is written to the new log file.
It is to be noted that the flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In summary, the log generation method disclosed by the present invention acquires the application message to be recorded, generated while the application program is running, adds application attribute parameters to it to obtain log information, generates a log file at a preset location according to the configuration parameters in the pre-loaded log generation policy, and stores the log information in the log file. Because the contents of the application attribute parameters added to the message are the contents of the preset final log format, the method unifies the log generation specification. This effectively resolves the inconsistency of log names, log formats and log contents generated by different application programs and improves the operation and maintenance efficiency of the application system.
The names of messages or information exchanged between devices in the embodiments of the present disclosure are for illustrative purposes only, and are not intended to limit the scope of the messages or information.
Although the operations are depicted in a particular order, this should not be understood as requiring that such operations be performed in the particular order shown or in sequential order. Under certain circumstances, multitasking and parallel processing may be advantageous.
It should be understood that the various steps recited in the method embodiments of the present disclosure may be performed in a different order, and/or performed in parallel. Moreover, method embodiments may include additional steps and/or omit performing the illustrated steps. The scope of the present disclosure is not limited in this respect.
Computer program code for carrying out operations for the present disclosure may be written in any combination of one or more programming languages, including but not limited to an object oriented programming language such as Java, Smalltalk, C++, and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
In practical application, when logs are recorded, the messages passed in by an application program must undergo a security check to prevent malicious information from forging log record contents: malicious information injected into the log through an application interface causes log records to be tampered with or forged. Existing log recording systems in civil aviation lack log injection prevention technology, and log records are often generated by experience, which increases the operation and maintenance difficulty of the application system and affects the security of the logs. Here, log injection means that illegal fields are fed into the application through an external interface of the application program, so that the recorded content of the log is tampered with or forged. Log injection prevention means preventing the log record content from being tampered with or forged.
In order to improve the log security, on the basis of the above embodiment, the invention adds a log injection prevention strategy.
Referring to FIG. 2, a flowchart of the method for preventing log injection in the log generation process disclosed in an embodiment of the present invention, the method includes the steps of:
Step S201: acquiring an application message to be recorded that is generated while an application program is running.
The application message to be recorded comes from two sources. One is state information generated while the application program runs, such as fault alarms and normal informational output. The other is an interface that the application program opens to users: a user can pass information to the application program through the interface, and the application program records that information as a log.
Step S202: judging whether the application message to be recorded carries a log identifier; if so, executing step S203, and if not, executing step S204.
The log identifier is an identification field that the log generation component adds to a log message; it marks each piece of log information.
Step S203: replacing the log identifier with an injection identifier to obtain a first target application message to be recorded, and adding the application attribute parameters to the first target application message to be recorded to obtain log information.
The injection identifier is a characteristic field used when injection detection finds that the application message to be recorded carries the log identifier; it prevents the log record content from being tampered with or forged.
The injection identifier may be a special character, e.g., "[? # @ ]", which prevents an application message from imitating the log format content and thereby causing a log injection attack.
Step S204: adding a log identifier to the application message to be recorded to obtain a second target application message to be recorded, and adding the application attribute parameters to the second target application message to be recorded to obtain the log information.
It should be noted that, in practical application, after the application attribute parameters have been added to the application message to be recorded and the log information has been obtained, it may also be determined whether the resulting log information carries the log identifier, so as to achieve log injection prevention.
In practical application, the log identifier is used for operation and maintenance analysis of the application system, and the injection identifier provides a reference for security protection of the application system.
In this embodiment, the log identifier is an identification field that the log generation component adds to the application message to be recorded, and it explicitly marks each piece of log information. A log injection attack usually consists of a segment of legal information followed by a segment of illegal information, constructed to match the log format. The first segment is legal information: combined with the normal log parameters it forms normal log content and is added to the log file. The second segment is illegal information: by means such as escape characters it is placed on a new line after the legal information, following the log record format, so that it is recorded as if it began a new entry. The log record therefore looks normal although an attack has in fact been injected.
By adding the log identifier to the application message to be recorded, the invention effectively counters this kind of attack. If the attacker does not know that the log identifier exists and injects a segment of legal information followed by illegal information, the log identifier is present on the line of legal information but absent from the line of illegal information. At final audit, a line without a log identifier is therefore judged to have been passed in as part of the same message as the nearest line that carries the identifier, which resolves the log injection problem.
In addition, if the attacker knows in advance that the log identifier exists and adds it to the illegal segment, intending that segment to be treated as a separate line when the log is recorded, the log generation component detects whether the log identifier already exists in the incoming application message to be recorded and, as in step S203, replaces it with the injection identifier.
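The identifier handling of steps S202 to S204 and the audit rule described above, as an added Python example that is not part of the patent. The value of LOG_ID, the "|"-separated record layout with the log identifier as the first field of every record, and all function names are assumptions; the injection identifier is written as in the page's example, and the sample messages are constructed.

```python
"""Log identifier / injection identifier handling and the audit pass (added example)."""
from __future__ import annotations

from dataclasses import dataclass, field

LOG_ID = "[LOGID]"         # assumed value; the page does not give one
INJECTION_ID = "[? # @ ]"  # special-character marker, as in the page's example
SEP = "|"                  # assumed field separator


def preprocess(message: str) -> tuple[str, bool]:
    """S202/S203: if the incoming message already carries the log identifier,
    replace every occurrence with the injection identifier."""
    if LOG_ID in message:
        return message.replace(LOG_ID, INJECTION_ID), True
    return message, False


def build_record(message: str, *, time: str, host: str, app: str, level: str) -> str:
    """Add the attribute parameters. Assumption: the component writes the log
    identifier as the first field of every record, so after preprocess() no
    caller-supplied text can start a line with it."""
    body, _forged = preprocess(message)
    return SEP.join([LOG_ID, time, host, app, level, body])


@dataclass
class AuditedRecord:
    header: str                                            # line carrying the log identifier
    continuation: list[str] = field(default_factory=list)  # lines reattached to it
    flagged: bool = False                                  # injection identifier seen


def audit(log_text: str) -> list[AuditedRecord]:
    """Audit rule: a line without the log identifier belongs to the nearest
    preceding line that has one; the injection identifier flags the record."""
    records: list[AuditedRecord] = []
    for line in log_text.splitlines():
        if line.startswith(LOG_ID):
            records.append(AuditedRecord(header=line))
        elif records:
            records[-1].continuation.append(line)
        else:
            records.append(AuditedRecord(header=line, flagged=True))  # orphan line
        if INJECTION_ID in line:
            records[-1].flagged = True
    return records


def demo() -> list[AuditedRecord]:
    meta = dict(time="2020-07-15 10:00:00", host="host01", app="booking", level="INFO")
    forged = "2020-07-15 10:00:01|host01|booking|INFO|user admin logged in"
    messages = [  # constructed sample input
        "user alice logged in",                   # ordinary message
        "query failed\n" + forged,                # sender unaware of the identifier
        "query failed\n" + LOG_ID + SEP + forged, # sender forges the identifier
    ]
    log_text = "\n".join(build_record(m, **meta) for m in messages) + "\n"
    return audit(log_text)


if __name__ == "__main__":
    for rec in demo():
        print(rec.flagged, len(rec.continuation), rec.header)
```

The log file here holds five physical lines, and the audit still returns three records: the forged lines come back as continuation lines of the message that carried them.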
In order to further optimize the above embodiments, the present invention further provides a loading process of the log generation policy.
Referring to FIG. 3, a flowchart of the method for loading a log generation policy disclosed in an embodiment of the present invention, the method includes the steps of:
Step S301: acquiring a log generation policy configured according to the target requirements of the application program.
In practical application, the log generation policy needs to be configured according to the target requirements of the application program.
See Table 1 for one such log generation policy.
TABLE 1 (provided as an image in the original publication; its contents are not reproduced on this page)
The log type means that a suitable log type is selected for recording according to the different information the application program generates while running, so as to facilitate later maintenance and management of the application program.
The log types in table 1 may include: Debug, Info, WARN, ERROR, FATAL, RUNNING, audio, TRACE, SECURITY, and the like.
Step S302: reading the configuration parameters in the log generation policy.
Step S303: performing a feasibility check on the configuration parameters.
In practical application, the feasibility check may be implemented by performing a regular check on the configuration parameters, and the items checked may include: whether the log storage path exists, whether the date format of the log output is legal, whether the log output type is compliant, and the like.
Step S304: when the configuration parameters pass the check, loading the log generation policy after the application message to be recorded has been acquired.
Step S305: when the configuration parameters fail the check, feeding back prompt information that the configuration parameters are wrong.
In summary, by performing a feasibility check on the configuration parameters in the log generation policy, the invention ensures the security and reliability of the policy, and thereby the accuracy of the logs obtained by processing log information according to those configuration parameters.
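The feasibility check of steps S303 to S305, together with the log file naming and log-number rule described earlier for step S104, as an added Python example that is not part of the patent. The policy key names, the regular expressions, the underscore-separated file name with a ".log" extension, numbering from 1, and the extra restriction on the application name are assumptions.

```python
"""Policy feasibility check and log-number rotation (added example)."""
from __future__ import annotations

import os
import re
import tempfile
from datetime import datetime

# Log types named on the page (audit is one of the types it describes).
LOG_TYPES = {"DEBUG", "INFO", "WARN", "ERROR", "FATAL",
             "RUNNING", "AUDIT", "TRACE", "SECURITY"}
NAME_RE = re.compile(r"[A-Za-z0-9_-]+")                 # assumed: no path characters
TIME_FMT_RE = re.compile(r"(?:%[YmdHMSf]|[-:. T_])+")   # assumed directive whitelist


def validate_policy(policy: dict) -> list[str]:
    """S303: return one message per configuration parameter that fails."""
    errors = []
    if not NAME_RE.fullmatch(str(policy.get("app_name", ""))):
        errors.append("app_name: only letters, digits, '_' and '-' are allowed")
    if not os.path.isdir(str(policy.get("output_path", ""))):
        errors.append("output_path: log storage path does not exist")
    if str(policy.get("output_level", "")).upper() not in LOG_TYPES:
        errors.append("output_level: not a compliant log type")
    if not TIME_FMT_RE.fullmatch(str(policy.get("time_format", ""))):
        errors.append("time_format: date format is not legal")
    size = policy.get("max_file_bytes")
    if type(size) is not int or size <= 0:
        errors.append("max_file_bytes: must be a positive integer")
    return errors


def load_policy(policy: dict) -> dict:
    """S304/S305: load the policy only if it passes, else report the errors."""
    errors = validate_policy(policy)
    if errors:
        raise ValueError("configuration parameters are wrong: " + "; ".join(errors))
    return policy


def log_file_for(policy: dict, level: str, now: datetime, incoming: int) -> str:
    """File name = application name, log level, log time, log number. The
    number is incremented while the current file would exceed the size limit."""
    if level not in LOG_TYPES:
        raise ValueError("unknown log level: " + repr(level))
    number = 1
    while True:
        name = "{}_{}_{}_{}.log".format(
            policy["app_name"], level, now.strftime("%Y%m%d"), number)
        path = os.path.join(policy["output_path"], name)
        if (not os.path.exists(path)
                or os.path.getsize(path) + incoming <= policy["max_file_bytes"]):
            return path
        number += 1


def append(policy: dict, level: str, line: str, now: datetime) -> str:
    """Stamp the line with the configured time format and store it."""
    data = (now.strftime(policy["time_format"]) + " " + line + "\n").encode("utf-8")
    path = log_file_for(policy, level, now, len(data))
    with open(path, "ab") as fh:
        fh.write(data)
    return path


def demo() -> list[str]:
    """Three 61-byte records with a 128-byte limit: two fit in file 1."""
    with tempfile.TemporaryDirectory() as directory:
        policy = load_policy({
            "app_name": "booking", "output_path": directory,
            "output_level": "INFO", "time_format": "%Y-%m-%d %H:%M:%S",
            "max_file_bytes": 128,
        })
        day = datetime(2020, 7, 15, 10, 0, 0)
        return [os.path.basename(append(policy, "INFO", "x" * 40, day))
                for _ in range(3)]


if __name__ == "__main__":
    print(demo())
```

Restricting the application name matters because it becomes part of the file name under the log output path; a value containing path separators would otherwise move the log file outside that directory.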
The log types and log contents are defined on the basis of the log generation requirements established for civil aviation, and mainly comprise the following log types: the general log type (content requirements: debugging information, state information and error information), the performance log type (content requirements: application performance analysis and monitoring information), the audit log type (content requirements: operation record information generated during the execution of each stage of an application program), the Trace log type (content requirements: information for reproducing faults and locating problems) and the security log type (content requirements: security monitoring and analysis information).
The invention develops the log generation component system according to these log types and content requirements.
Corresponding to the above method embodiment, the present invention also discloses a log generating device, which comprises: the log generation component system shown in fig. 4, the log generation component system comprising: a log generation component and a policy acquisition component.
The log generation component includes: an application message acquisition module 401, a message preprocessing module 402 and a log generation module 403.
The policy acquisition component includes: a policy read and load module 404 and a policy check module 405.
The working principle of each component in the log generation component system is described in detail below, as follows:
referring to fig. 5, a schematic structural diagram of a log generating component in a log generating apparatus disclosed in the embodiment of the present invention is shown, where:
an application message acquiring module 401, configured to acquire an application message to be recorded, which is generated in an operation process of an application program;
the source of the application message to be recorded comprises two parts, wherein one part is state information generated when the application program runs, such as fault alarm and normal information printing, and the other part is from an interface opened by the application program to a user, the user can transmit information to the application program through the interface, and the application program records the information transmitted by the user as a log.
A message preprocessing module 402, configured to add an application attribute parameter to the application message to be recorded to obtain log information, where a content included in the application attribute parameter is a content included in a preset finally generated log format;
it should be noted that the content included in the application attribute parameter is the content included in the preset finally generated log format.
The application attribute parameters may include the following:
1. an identifier, comprising: the log injection method comprises the steps of a log identifier and an injection identifier, wherein the injection identifier is used for solving a log injection attack;
2. the message time is used for recording the information occurrence time;
3. the machine name is used for recording the name of a physical machine in which the application runs;
4. the application name, the name of the application when running, can be set by the application program;
5. the message level, wherein the incoming message level is recorded in the log;
6. the process name/thread name, the process name and the thread name of the application program running in the server;
7. the relevant messages generated by the application runtime include: global transaction ID, calling number, session ID \ work area and asynchronous calling message number;
8. log levels, i.e., the level of log records, the log levels include: a normal log level (Debug/Info/Warn/Error/Fatal), a performance log level, and a trace log level.
9. The application incoming messages, external messages that the application needs to record or the running itself are state cases that arise.
The log generating module 403 is configured to generate a log file at a preset location according to a configuration parameter in a pre-loaded log generating policy, and store the log information in the log file.
The configuration parameters in the log generation strategy comprise the following contents:
1. the name of the application at run time; 2. the log output path; 3. the level at which logs may be output; 4. the time record format; 5. the size of a single log file.
The name of the log file includes: application name, log level, log time, and log number.
Specifically:
1. The application name is the name of the application at run time and can be set by the application.
2. The log level is the level of the log record.
3. The log time records when the log was created.
4. The log number is determined by the single-log-file size configured by the application: if the amount of log records exceeds the maximum limit, a new log is created whose name has the same application name, log level, and log time as the original log name, with the log number incremented by one, and subsequent content is written to the new log file.
It should be noted that the units described in the embodiments of the present disclosure may be implemented by software, and may also be implemented by hardware. Where the name of a unit does not in some cases constitute a limitation of the unit itself, for example, the first retrieving unit may also be described as a "unit for retrieving at least two internet protocol addresses".
In summary, the log generating device disclosed by the present invention obtains the application message to be recorded generated in the running process of the application program, adds the application attribute parameter to the application message to be recorded, obtains the log information, generates the log file at the preset position according to the configuration parameter in the pre-loaded log generating policy, and stores the log information into the log file. Because the content contained in the application attribute parameters added in the application message to be recorded is the content contained in the preset finally generated log format, the log generation specification is unified by the method, so that the problem of inconsistency of log names, log formats, log contents and the like generated by each application program is effectively solved, and the operation and maintenance efficiency of the application system is improved.
In practical applications, when logs are recorded, a security check must be performed on the messages passed in by the application program to prevent malicious information from forging log content: malicious information injected into the log through an application interface causes log records to be tampered with or forged. The existing log recording systems in the civil aviation system lack log injection prevention, and log records are often generated according to experience, which increases the operation and maintenance difficulty of the application system and affects log security. Here, log injection means that illegal fields are input to the application through an external interface of the application program, so that the recorded content of the log is tampered with or forged. Log injection prevention means preventing the log record content from being tampered with or forged.
In order to improve the log security, on the basis of the above embodiment, the invention adds a log injection prevention strategy.
Therefore, the message preprocessing module 402 may further be configured to:
determining whether the application message to be recorded carries a log identifier, where the log identifier is an identification field that the log generation component adds to a log message and that marks each piece of log information;
if so, replacing the log identifier with an injection identifier to obtain a first target application message to be recorded, and adding the application attribute parameters to the first target application message to be recorded to obtain the log information, where the injection identifier is a characteristic field indicating that, during injection detection, the application message to be recorded was found to carry the log identifier, and is used to prevent the log record content from being tampered with or forged;
and if not, adding a log identifier to the application message to be recorded to obtain a second target application message to be recorded, and adding the application attribute parameters to the second target application message to be recorded to obtain the log information.
In practical application, the log identifier is used for operation and maintenance analysis of the application system, and the injection identifier is used for providing reference for security protection of the application system.
In this embodiment, the log identifier is an identification field that the log generation component adds to the application message to be recorded, and it explicitly marks each piece of log information. A log injection attack usually consists of a segment of legal information followed by a segment of illegal information, constructed to match the log format. The first segment is legal information: it combines with the normal log parameters to form normal log content and is added to the log file. The second segment is illegal information: following the log record format, it is separated from the legal segment by a line break, using escape characters or similar means, so that it is recorded starting on a new line. The resulting log record looks normal, but an attack has in fact been injected.
In summary, adding a log identifier to the application message to be recorded effectively counters this form of attack. If an attacker does not know that the application message to be recorded carries a log identifier and constructs an injection from legal plus illegal information, the log identifier will be present on the legal information line while the illegal information line will carry no identifier. At final audit, it can therefore be determined that the line without a log identifier and the nearest line with an identifier were passed in as the same application message to be recorded, which solves the log injection problem.
In addition, if an attacker knows in advance that the log identifier exists, the attacker can add the log identifier to the illegal information segment when composing the message from legal and illegal information, intending that segment to be treated as a separate line when the log is recorded; the log generation component therefore detects whether the incoming application message to be recorded already contains a log identifier.
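The identifier branch and the audit-time reasoning described above, as an added Python example that is not code from the patent. The marker strings `[#LOG#]` and `[#INJ#]`, the `|`-separated record layout, writing the injection identifier in the identifier field of a flagged record, and the sample messages are all assumptions made for illustration.

```python
# Added example: the log identifier / injection identifier scheme described above.
# Marker values and the "|"-separated record layout are assumptions of this sketch;
# the patent does not specify either.
LOG_ID = "[#LOG#]"   # written by the log generation component on every clean record
INJ_ID = "[#INJ#]"   # written instead when the incoming message already carries LOG_ID


def preprocess(message, attrs):
    """Message preprocessing: choose the identifier, then add the attribute parameters."""
    if LOG_ID in message:
        # The caller supplied the identifier that only the component should write.
        # Replace every copy so no caller-controlled line can pass for a record start.
        message = message.replace(LOG_ID, INJ_ID)
        identifier = INJ_ID
    else:
        identifier = LOG_ID
    fields = [identifier, attrs["time"], attrs["machine"], attrs["app"], attrs["level"]]
    return "|".join(fields) + "|" + message


def audit(log_text):
    """Regroup physical lines into records and flag the suspicious ones.

    A line that starts with neither identifier is a continuation of the nearest
    preceding identified line: both arrived in the same incoming message.
    """
    records = []
    for line in log_text.splitlines():
        if line.startswith(LOG_ID):
            records.append({"lines": [line], "suspect": False})
        elif line.startswith(INJ_ID):
            records.append({"lines": [line], "suspect": True})
        elif records:
            records[-1]["lines"].append(line)
            records[-1]["suspect"] = True
        else:
            records.append({"lines": [line], "suspect": True})  # orphan first line
    return records


def demo():
    # Constructed sample input, not taken from the patent.
    attrs = {"time": "2020-07-15T10:00:00Z", "machine": "host01",
             "app": "booking", "level": "WARN"}
    forged = "2020-07-15T10:00:01Z|host01|booking|INFO|login ok for admin"
    messages = [
        "seat map loaded",                                  # clean message
        "login failed for bob\n" + forged,                  # sender unaware of LOG_ID
        "login failed for bob\n" + LOG_ID + "|" + forged,   # sender copies LOG_ID
    ]
    log_text = "\n".join(preprocess(m, attrs) for m in messages)
    return log_text, audit(log_text)


if __name__ == "__main__":
    text, records = demo()
    print(text)
    for r in records:
        print("SUSPECT" if r["suspect"] else "ok     ", len(r["lines"]), "line(s)")
```

The line breaks in the incoming message are written unchanged, so the forged line still appears in the file; it is exposed when the log is audited rather than removed when it is written.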
Referring to fig. 6, a schematic structural diagram of a policy obtaining component in a log generating device disclosed in the embodiment of the present invention is shown, where:
a policy reading and loading module 404, configured to obtain the log generation policy configured according to a target requirement of an application program, and read the configuration parameters in the log generation policy;
and the policy checking module 405 is configured to perform feasibility checking on the configuration parameters, and output a log generation policy after acquiring the application message to be recorded when the configuration parameters pass the checking.
In actual practice, the policy checking module 405 may log the logging policy to the logging component.
The policy checking module 405 is further configured to feed back prompt information that the configuration parameter is incorrect when the configuration parameter fails to be checked.
It should be noted that, please refer to the corresponding parts of the method embodiments for the working principle of each component in the device embodiments, which is not described herein again.
Although the subject matter has been described in language specific to structural features and/or methodological acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the specific features and acts described above are disclosed as example forms of implementing the claims.
While several specific implementation details are included in the above discussion, these should not be construed as limitations on the scope of the disclosure. Certain features that are described in the context of separate embodiments can also be implemented in combination in a single embodiment. Conversely, various features that are described in the context of a single embodiment can also be implemented in multiple embodiments separately or in any suitable subcombination.
The foregoing description is only exemplary of the preferred embodiments of the disclosure and is illustrative of the principles of the technology employed. It will be appreciated by those skilled in the art that the scope of the disclosure herein is not limited to the particular combination of features described above, but also encompasses other embodiments in which any combination of the features described above or their equivalents does not depart from the spirit of the disclosure. For example, the above features and (but not limited to) the features disclosed in this disclosure having similar functions are replaced with each other to form the technical solution.

Claims (12)

1. A method of log generation, comprising:
acquiring application messages to be recorded generated in the running process of an application program;
adding an application attribute parameter to the application message to be recorded to obtain log information, wherein the content contained in the application attribute parameter is the content contained in a preset finally generated log format;
generating a log file at a preset position according to configuration parameters in a pre-loaded log generation strategy;
and storing the log information to the log file.
2. The log generation method of claim 1, wherein the application attribute parameters comprise: an identifier, a message time, a machine name, an application name, a message level, a process name/thread name, a related message generated during the operation of the application, a log level, and a message transmitted by the application;
wherein the identifier comprises: a log identifier and an injection identifier, the injection identifier to address a log injection attack.
3. The log generation method of claim 1, wherein the configuration parameters in the log generation policy comprise: name of application runtime, log output path, log outputable level, time record format, and individual log file size.
4. The log generating method as claimed in claim 1, wherein the name of the log file comprises: application name, log level, log time, and log number.
5. The log generating method according to claim 1, wherein the adding an application attribute parameter to the application message to be recorded to obtain log information specifically includes:
determining whether the application message to be recorded carries a log identifier, wherein the log identifier is an identification field that the log generation component adds to a log message and that marks each piece of log information;
if so, replacing the log identifier with an injection identifier to obtain a first target application message to be recorded, and adding the application attribute parameters to the first target application message to be recorded to obtain the log information, wherein the injection identifier is a characteristic field indicating that, during injection detection, the application message to be recorded was found to carry the log identifier, and is used to prevent the log record content from being tampered with or forged;
and if not, adding a log identifier to the application message to be recorded to obtain a second target application message to be recorded, and adding the application attribute parameters to the second target application message to be recorded to obtain the log information.
6. The log generating method as claimed in claim 1, wherein the loading process of the log generating policy comprises:
acquiring the log generation strategy configured according to the target requirement of the application program;
reading the configuration parameters in the log generation strategy;
carrying out feasibility verification on the configuration parameters;
and when the configuration parameters pass the verification, loading the log generation strategy after the application message to be recorded is acquired.
7. A log generating apparatus, comprising:
the application message acquisition module is used for acquiring the application message to be recorded generated in the running process of the application program;
the message preprocessing module is used for adding an application attribute parameter to the application message to be recorded to obtain log information, wherein the content contained in the application attribute parameter is the content contained in a preset finally generated log format;
and the log generation module is used for generating a log file at a preset position according to the configuration parameters in the pre-loaded log generation strategy and storing the log information into the log file.
8. The log generation apparatus of claim 7, wherein the application attribute parameters comprise: an identifier, a message time, a machine name, an application name, a message level, a process name/thread name, a related message generated during the operation of the application, a log level, and a message transmitted by the application;
wherein the identifier comprises: a log identifier and an injection identifier, the injection identifier to address a log injection attack.
9. The apparatus of claim 7, wherein the configuration parameters in the log generation policy comprise: name of application runtime, log output path, log outputable level, time record format, and individual log file size.
10. The log generating apparatus as claimed in claim 7, wherein the name of the log file comprises: application name, log level, log time, and log number.
11. The log generating device of claim 7, wherein the message preprocessing module is specifically configured to:
determining whether the application message to be recorded carries a log identifier, wherein the log identifier is an identification field that the log generation component adds to a log message and that marks each piece of log information;
if so, replacing the log identifier with an injection identifier to obtain a first target application message to be recorded, and adding the application attribute parameters to the first target application message to be recorded to obtain the log information, wherein the injection identifier is a characteristic field indicating that, during injection detection, the application message to be recorded was found to carry the log identifier, and is used to prevent the log record content from being tampered with or forged;
and if not, adding a log identifier to the application message to be recorded to obtain a second target application message to be recorded, and adding the application attribute parameters to the second target application message to be recorded to obtain the log information.
12. The log generating apparatus according to claim 7, wherein the log generating apparatus further comprises:
the policy reading and loading module is used for acquiring the log generation policy configured according to the target requirement of the application program and reading the configuration parameters in the log generation policy;
and the strategy verification module is used for carrying out feasibility verification on the configuration parameters, and outputting the log generation strategy after the application message to be recorded is acquired when the configuration parameters pass the verification.
CN202010681886.6A 2020-07-15 2020-07-15 Log generation method and device Active CN111897789B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010681886.6A CN111897789B (en) 2020-07-15 2020-07-15 Log generation method and device

Publications (2)

Publication Number Publication Date
CN111897789A (en) 2020-11-06
CN111897789B (en) 2024-04-02

Family

ID=73191281

Country Status (1)

Country Link
CN (1) CN111897789B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant