CN111897789B - Log generation method and device - Google Patents
- Publication number
- CN111897789B (CN202010681886.6A)
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/18—File system types
- G06F16/1805—Append-only file systems, e.g. using logs or journals to store data
- G06F16/1815—Journaling file systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/34—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
- G06F11/3466—Performance evaluation by tracing or monitoring
- G06F11/3476—Data logging
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Abstract
The invention discloses a log generation method and device. An application message to be recorded, generated while an application program is running, is acquired; application attribute parameters are added to the application message to be recorded to obtain log information; a log file is generated at a preset position according to configuration parameters in a preloaded log generation policy; and the log information is stored in the log file. Because the application attribute parameters added to the application message to be recorded contain the content that the preset final log format contains, the invention unifies the log generation specification, which effectively solves the problem of inconsistent log names, log formats, log contents and the like across application programs and improves the operation and maintenance efficiency of the application system.
Description
Technical Field
The present invention relates to the field of log generation technologies, and in particular, to a log generation method and apparatus.
Background
A log records the various information generated while an application program is running so that the program can be maintained later. As one of the important files in the operation of an application system, the log plays an important role in the maintenance and management of the application system: when the application system has an operation fault, the fault can be investigated from the log records.
At present, development teams have no unified standard for log generation. The log names, log formats, log contents and the like that an application program generates at run time are mostly decided from the developers' experience and by negotiation with the operators. Because these differ from one application program to another, log contents tend to be hard to search or log information is incompletely recorded, which makes the operation and maintenance of an application system difficult.
Disclosure of Invention
In view of the above, the invention discloses a method and a device for generating logs, which are used for unifying log generation specifications, so that the problem of inconsistent log names, log formats, log contents and the like generated by each application program is effectively solved, and the operation and maintenance efficiency of an application system is improved.
A log generation method, comprising:
acquiring an application message to be recorded generated in the running process of an application program;
adding application attribute parameters to the application message to be recorded to obtain log information, wherein the content contained in the application attribute parameters is preset content contained in a finally generated log format;
generating a log file at a preset position according to configuration parameters in a preloaded log generation strategy;
and storing the log information into the log file.
A log generating apparatus comprising:
the application message acquisition module is used for acquiring application messages to be recorded, which are generated in the running process of the application program;
the message preprocessing module is used for adding application attribute parameters to the application message to be recorded to obtain log information, wherein the content contained in the application attribute parameters is preset content contained in a finally generated log format;
the log generation module is used for generating a log file at a preset position according to configuration parameters in a preloaded log generation strategy and storing the log information into the log file.
As can be seen from the above technical solution, the present invention discloses a method and an apparatus for generating a log, which acquire an application message to be recorded generated by an application program in an operation process, add an application attribute parameter to the application message to be recorded, obtain log information, generate a log file at a preset position according to a configuration parameter in a preloaded log generating policy, and store the log information to the log file. Because the content contained in the application attribute parameters added in the application message to be recorded is the content contained in the preset finally generated log format, the invention unifies the log generation specifications, thereby effectively solving the problem of inconsistent log names, log formats, log contents and the like generated by each application program and improving the operation and maintenance efficiency of the application system.
Drawings
The above and other features, advantages, and aspects of embodiments of the present disclosure will become more apparent by reference to the following detailed description when taken in conjunction with the accompanying drawings. The same or similar reference numbers will be used throughout the drawings to refer to the same or like elements. It should be understood that the figures are schematic and that elements and components are not necessarily drawn to scale.
FIG. 1 is a flow chart of a log generation method disclosed in an embodiment of the invention;
FIG. 2 is a flowchart of a method for log injection prevention in a log generation process according to an embodiment of the present invention;
FIG. 3 is a flowchart of a method for loading a log generation policy according to an embodiment of the present invention;
FIG. 4 is a block diagram of a log generation component system in a log generation device according to an embodiment of the present invention;
FIG. 5 is a schematic structural diagram of a log generating component in a log generating device according to an embodiment of the present invention;
FIG. 6 is a schematic structural diagram of a policy obtaining component in a log generating device according to an embodiment of the present invention.
Detailed Description
Embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While certain embodiments of the present disclosure have been shown in the accompanying drawings, it is to be understood that the present disclosure may be embodied in various forms and should not be construed as limited to the embodiments set forth herein, but are provided to provide a more thorough and complete understanding of the present disclosure. It should be understood that the drawings and embodiments of the present disclosure are for illustration purposes only and are not intended to limit the scope of the present disclosure.
The term "including" and variations thereof as used herein are intended to be open-ended, i.e., "including, but not limited to". The term "based on" means "based at least in part on". The term "one embodiment" means "at least one embodiment"; the term "another embodiment" means "at least one additional embodiment"; the term "some embodiments" means "at least some embodiments". Related definitions of other terms will be given in the description below.
It should be noted that the terms "first," "second," and the like in this disclosure are merely used to distinguish between different devices, modules, or units and are not used to define an order or interdependence of functions performed by the devices, modules, or units.
It should be noted that references to "one" and "a plurality" in this disclosure are illustrative rather than limiting, and those of ordinary skill in the art will appreciate that they should be understood as "one or more" unless the context clearly indicates otherwise.
The embodiment of the invention discloses a log generation method and a log generation device, which are used for acquiring application information to be recorded, which is generated in the running process of an application program, adding application attribute parameters to the application information to be recorded to obtain log information, processing the log information according to configuration parameters in a preloaded log generation strategy to obtain a log corresponding to the log information, and storing the log into a log file. Because the content contained in the application attribute parameters added in the application message to be recorded is the content contained in the preset finally generated log format, the invention unifies the log generation specifications, thereby effectively solving the problem of inconsistent log names, log formats, log contents and the like generated by each application program and improving the operation and maintenance efficiency of the application system.
Referring to FIG. 1, a flowchart of a log generation method disclosed in an embodiment of the present invention, the method includes the steps of:
Step S101, obtaining an application message to be recorded generated in the running process of an application program;
The application message to be recorded comes from two sources. One is state information generated when the application program runs, such as fault alarms and normal information printing. The other is the interface that the application program opens to users: a user can pass information to the application program through the interface, and the application program also records the information passed in by the user as a log.
Step S102, adding application attribute parameters to the application message to be recorded to obtain log information;
It should be noted that the content included in the application attribute parameters is the content that the preset final log format contains.
The application attribute parameters may include the following:
1. an identifier, comprising a log identifier and an injection identifier, the injection identifier being used to deal with log injection attacks;
2. the message time, recording when the information occurred;
3. the machine name, recording the name of the physical machine on which the application runs;
4. the application name, i.e. the name of the running application, which can be set by the application program itself;
5. the message level, recording the level of the message passed in to the log;
6. the process name/thread name, i.e. the process name and thread name under which the application program runs on the server;
7. related messages generated when the application runs, including: global transaction ID, call number, session id\workspace, and asynchronous call message number;
8. the log level, i.e. the level of the log record, including: a general log level (Debug/Info/Warn/Error/Fatal), a performance log level, and a trace log level;
9. the message passed in by the application, i.e. an external message that the application needs to record, or state information generated by the application's own running.
Step S103, generating a log file at a preset position according to configuration information in a preloaded log generation strategy;
Specifically, in practical application, the generated log information may be stored in a log file according to a preset log storage path.
The name of the log file includes: application name, log class, log time, and log number.
The configuration parameters in the log generation policy include the following:
1. the name of the application at run time; 2. the log output path; 3. the levels that the log may output; 4. the time recording format; 5. the size of an individual log file.
Step S104, storing the log information into the log file.
Specifically, the parts of the log file name are as follows:
1. Application name: the name of the running application, which can be set by the application itself.
2. Log grade: the grade of the log records.
3. Log time: records when this log was created.
4. Log number: determined by the individual log file size configured by the application. If the amount of log records exceeds the maximum limit, a new log is created; the application name, log grade and log time in the new log name are the same as in the original log name, the log number is increased by one, and subsequent content is written into the new log file.
It is noted that the flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In summary, according to the log generation method disclosed by the invention, the application message to be recorded, which is generated in the running process of the application program, is obtained, the application attribute parameter is added to the application message to be recorded, the log information is obtained, the log file is generated at the preset position according to the configuration parameter in the preloaded log generation strategy, and the log information is stored in the log file. Because the content contained in the application attribute parameters added in the application message to be recorded is the content contained in the preset finally generated log format, the invention unifies the log generation specifications, thereby effectively solving the problem of inconsistent log names, log formats, log contents and the like generated by each application program and improving the operation and maintenance efficiency of the application system.
The names of messages or information interacted between the various devices in the embodiments of the present disclosure are for illustrative purposes only and are not intended to limit the scope of such messages or information.
Although operations are depicted in a particular order, this should not be understood as requiring that such operations be performed in the particular order shown or in sequential order. In certain circumstances, multitasking and parallel processing may be advantageous.
It should be understood that the various steps recited in the method embodiments of the present disclosure may be performed in a different order and/or performed in parallel. Furthermore, method embodiments may include additional steps and/or omit performing the illustrated steps. The scope of the present disclosure is not limited in this respect.
Computer program code for carrying out operations of the present disclosure may be written in one or more programming languages, including, but not limited to, object-oriented programming languages such as Java, Smalltalk and C++, and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computer (for example, through the Internet using an Internet service provider).
In practical application, the information passed in by the application program needs a security check when the log is recorded, to prevent malicious information from forging log record contents: malicious information injected into the log through an application interface causes the log record to be tampered with or forged. The existing log recording systems in the civil aviation system lack a log injection prevention technology and often generate log records according to experience, which increases the operation and maintenance difficulty of the application system and affects log security. Log injection refers to inputting an illegal field to the application through an external interface of the application program so that the recorded content of the log is tampered with or forged. Log injection prevention refers to preventing the log record content from being tampered with or forged.
In order to improve log security, on the basis of the embodiment, the invention adds a log injection prevention strategy.
Referring to FIG. 2, a flowchart of a method for log injection prevention in a log generation process disclosed in an embodiment of the present invention, the method includes the steps of:
Step S201, obtaining an application message to be recorded generated in the running process of an application program;
The application message to be recorded comes from two sources. One is state information generated when the application program runs, such as fault alarms and normal information printing. The other is the interface that the application program opens to users: a user can pass information to the application program through the interface, and the application program also records the information passed in by the user as a log.
Step S202, judging whether the application message to be recorded carries a log identifier; if so, executing step S203, and if not, executing step S204;
The log identifier is an identification field that the log generation component adds to a log message; the identification field is used to label each piece of log information.
Step S203, replacing the log identifier with an injection identifier to obtain a first target application message to be recorded, and adding application attribute parameters to the first target application message to be recorded to obtain log information;
The injection identifier is the feature field used when injection detection on the application message to be recorded finds that the message carries a log identifier; it is used to prevent the recorded content of the log from being tampered with or forged.
The injection identifier may be special characters, such as "[:%? # @ ] ", so that an application message imitating the log format content cannot cause a log injection attack.
Step S204, adding a log identifier to the application message to be recorded to obtain a second target application message to be recorded, and adding the application attribute parameters to the second target application message to be recorded to obtain the log information.
In practical application, the application attribute parameters may also be added to the application message to be recorded first to obtain the log information, and the check for whether a log identifier is carried may then be performed on the obtained log information, so as to realize log injection prevention.
In practical applications, the log identifier is used for analysis in the operation and maintenance of the application system, and the injection identifier provides a reference for the security protection of the application system.
In this embodiment, the log identifier is an identification field added by the log generation component to the application message to be recorded, and the identification field explicitly marks each piece of log information. A log injection attack usually consists of a segment of legal information followed by a segment of illegal information, and the attacker injects into the log by constructing the attack content according to the log format. The first segment is legal information, which combines with the normal parameters of the log to form normal log content. The second segment is illegal information that imitates the log record format. When the illegal information is recorded, a line feed is placed after the legal first segment so that the illegal segment starts on a new line; the log record ends up looking normal, although an attack has in fact been injected.
The invention effectively counters this attack by adding the log identifier to the application message to be recorded. If an attacker does not know that the log identifier exists and injects a constructed segment of legal information followed by illegal information, the log identifier is present on the legal information line but no identifier is present on the illegal information line. When the log is finally audited, a line without a log identifier can therefore be judged to belong to the same application message as the nearest preceding line that carries an identifier, which solves the log injection problem.
In addition, if an attacker knows in advance that the log identifier exists, the attacker adds the log identifier to the illegal information segment when constructing the legal and illegal information, so that the line would be taken as a separate line when the log is recorded. The log generation component therefore detects whether a log identifier is present in the incoming application message to be recorded. Because only the log generation component adds the log identifier, just before the message is written to the log, and no log identifier needs to be supplied from outside, the presence of one means that a log injection operation exists. The log generation component rejects the log identifier in the illegal information, changes it into the injection identifier, and stores the result in the log file for subsequent investigation.
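The two cases described above (an attacker who does not know the log identifier and one who does), as an added Python example that is not part of the patent text. The identifier strings, the record layout and the function names are assumptions, and the sketch assumes the component writes its own log identifier at the head of every record in both the S203 and S204 branches so that an auditing reader can find record boundaries.

```python
from datetime import datetime

# Assumed values: the page fixes neither identifier string nor the record layout.
LOG_ID = "[#LOG#]"        # log identifier, written only by the log generation component
INJECTION_ID = "[:%?#@]"  # injection identifier, modelled on the page's example characters


def build_record(message, app, level, machine, when):
    """Steps S202-S204: turn one incoming application message into a log record."""
    if LOG_ID in message:
        # S203: an externally supplied log identifier means injection; neutralise
        # it but keep the evidence in the log for later investigation.
        message = message.replace(LOG_ID, INJECTION_ID)
    stamp = when.strftime("%Y-%m-%d %H:%M:%S")
    # S204 plus attribute parameters: only the component writes LOG_ID.
    return f"{LOG_ID} {stamp} {machine} {app} {level} {message}"


def read_records(log_text):
    """Audit-side reader: a line without LOG_ID belongs to the previous record."""
    records = []
    for line in log_text.splitlines():
        if line.startswith(LOG_ID):
            records.append({"lines": [line[len(LOG_ID):].strip()], "orphan": False})
        elif records:
            records[-1]["lines"].append(line)  # continuation, never a new record
        else:
            records.append({"lines": [line], "orphan": True})  # no owner record
    for rec in records:
        rec["injection"] = any(INJECTION_ID in text for text in rec["lines"])
    return records


def demo():
    """Constructed sample messages: one benign, two forged as the page describes."""
    when = datetime(2020, 7, 15, 8, 0, 0)
    forged = "2020-07-15 08:00:01 host-01 booking INFO login succeeded for user admin"
    messages = [
        "login failed for user bob",
        "login failed for user bob\n" + forged,                  # identifier unknown
        "login failed for user bob\n" + LOG_ID + " " + forged,   # identifier known
    ]
    log_text = "\n".join(
        build_record(m, "booking", "WARN", "host-01", when) for m in messages
    )
    return log_text, read_records(log_text)


if __name__ == "__main__":
    text, recs = demo()
    print(text)
    for rec in recs:
        print(len(rec["lines"]), "line(s), injection flagged:", rec["injection"])
```

The forged line without an identifier is folded back into the record that carried it, and the one that copied the identifier is both folded back and flagged, so neither is read as an independent "login succeeded" entry.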
To further optimize the above embodiment, the present invention also provides a loading process of the log generation policy.
Referring to FIG. 3, a flowchart of a loading method of a log generation policy disclosed in an embodiment of the present invention, the method includes the steps of:
Step S301, acquiring a log generation strategy configured according to target requirements of an application program;
In practical application, a log generation policy first needs to be configured according to the target requirement of an application program.
See one of the log generation policies shown in table 1.
TABLE 1
The log type refers to selecting an appropriate log type for recording according to the different information that the application program generates in operation, so as to facilitate the later maintenance and management of the application program.
The log types in table 1 may include: debug, info, WARN, ERROR, FATAL, RUNNING, audit, TRACE and SECURITY, etc.
Step S302, reading configuration parameters in the log generation strategy;
Step S303, carrying out feasibility verification on the configuration parameters;
In practical application, the configuration parameters can be regularly checked to realize the feasibility check, and the check content can be: whether the log storage path exists, whether the date format of the log output is legal, whether the log output type is compliant, and the like.
Step S304, when the configuration parameters pass verification, loading a log generation strategy after acquiring the application message to be recorded;
Step S305, when the configuration parameters are not verified, feeding back prompt information of wrong configuration parameters.
In summary, the invention ensures the safety and reliability of the log generation strategy by carrying out feasibility verification on the configuration parameters in the log generation strategy, thereby ensuring the accuracy of the log obtained by processing the log information based on the configuration parameters in the log generation strategy.
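The feasibility check of steps S303 to S305 together with the log file naming and numbering rule described earlier, as an added Python example that is not part of the patent text. The policy keys, the file name separator and extension, the date format used in the file name and the character restriction on the application name are assumptions.

```python
import os
import re
import tempfile
from datetime import datetime

# Log types listed on the page; comparing them in upper case is an assumption.
LOG_TYPES = {"DEBUG", "INFO", "WARN", "ERROR", "FATAL",
             "RUNNING", "AUDIT", "TRACE", "SECURITY"}


def check_policy(policy):
    """Step S303: return the list of configuration errors (empty means verified)."""
    errors = []
    # Added check, not on the page: the name becomes part of a file path,
    # so path separators and dots are refused.
    if not re.fullmatch(r"[A-Za-z0-9][A-Za-z0-9_-]*", str(policy.get("app_name", ""))):
        errors.append("app_name: missing or contains unsafe characters")
    if not os.path.isdir(str(policy.get("output_path", ""))):
        errors.append("output_path: log storage path does not exist")
    levels = policy.get("levels") or []
    unknown = sorted(set(levels) - LOG_TYPES)
    if not levels or unknown:
        errors.append(f"levels: log output type not compliant {unknown}")
    fmt = policy.get("time_format", "")
    try:
        if "%" not in fmt:
            raise ValueError("no date directive")
        sample = datetime(2020, 7, 15, 8, 0, 0)
        datetime.strptime(sample.strftime(fmt), fmt)  # bad directives raise here
    except (ValueError, TypeError):
        errors.append("time_format: date format is not legal")
    size = policy.get("max_file_bytes")
    if not isinstance(size, int) or size <= 0:
        errors.append("max_file_bytes: must be a positive integer")
    return errors


class PolicyLogWriter:
    """Writes to <app>_<level>_<time>_<number>.log and bumps the number when full."""

    def __init__(self, policy, level, created):
        errors = check_policy(policy)
        if errors:  # S305: feed back the wrong configuration parameters
            raise ValueError("; ".join(errors))
        if level not in policy["levels"]:
            raise ValueError(f"level {level} is not enabled by the policy")
        self.policy, self.level = policy, level
        self.stamp = created.strftime("%Y%m%d")  # assumed file-name date format
        self.number = 1

    def path(self):
        name = f"{self.policy['app_name']}_{self.level}_{self.stamp}_{self.number}.log"
        return os.path.join(self.policy["output_path"], name)

    def write(self, line):
        data = (line + "\n").encode("utf-8")
        # Same name, same level, same time; only the log number is increased by one.
        while (os.path.exists(self.path()) and
               os.path.getsize(self.path()) + len(data) > self.policy["max_file_bytes"]):
            self.number += 1
        with open(self.path(), "ab") as fh:
            fh.write(data)
        return os.path.basename(self.path())


def demo():
    """Constructed policies: one that verifies, one with three bad parameters."""
    with tempfile.TemporaryDirectory() as out:
        good = {"app_name": "booking", "output_path": out, "levels": ["INFO", "ERROR"],
                "time_format": "%Y-%m-%d %H:%M:%S", "max_file_bytes": 64}
        bad = dict(good, output_path=os.path.join(out, "missing"),
                   levels=["INFO", "VERBOSE"], time_format="%Y-%Q")
        writer = PolicyLogWriter(good, "INFO", datetime(2020, 7, 15))
        for i in range(5):
            writer.write(f"record-{i} " + "x" * 20)  # 30 bytes per record
        return sorted(os.listdir(out)), check_policy(bad)


if __name__ == "__main__":
    print(demo())
```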
The invention builds the component on the basis of the log generation requirements formulated for civil aviation. The log types and their content requirements are mainly as follows: common log types (content requirements include debug information, status information and error information), performance log types (content requirements include application performance analysis and monitoring information), audit log types (content requirements include operation record information generated in the execution process of each link of an application program), trace log types (content requirements include reproducible fault and problem locating information) and security log types (content requirements include security monitoring and analysis information).
According to the log type and the content requirement, the invention develops a log generating component system.
Corresponding to the embodiment of the method, the invention also discloses a log generating device, which comprises: a log generation component system shown in fig. 4, the log generation component system comprising: a log generation component and a policy acquisition component.
The log generation component includes: an application message acquisition module 401, a message preprocessing module 402, and a log generation module 403.
The policy acquisition component comprises: a policy read and load module 404 and a policy check module 405.
The working principle of each component in the log generating component system is described in detail as follows:
Referring to FIG. 5, a schematic structural diagram of a log generating component in a log generating apparatus according to an embodiment of the present invention, wherein:
An application message obtaining module 401, configured to obtain an application message to be recorded generated in an application program running process;
The application message to be recorded comes from two sources. One is state information generated when the application program runs, such as fault alarms and normal information printing. The other is the interface that the application program opens to users: a user can pass information to the application program through the interface, and the application program also records the information passed in by the user as a log.
The message preprocessing module 402 is configured to add an application attribute parameter to the application message to be recorded to obtain log information, where content included in the application attribute parameter is preset content included in a finally generated log format;
It should be noted that the content included in the application attribute parameters is the content that the preset final log format contains.
The application attribute parameters may include the following:
1. an identifier, comprising a log identifier and an injection identifier, the injection identifier being used to deal with log injection attacks;
2. the message time, recording when the information occurred;
3. the machine name, recording the name of the physical machine on which the application runs;
4. the application name, i.e. the name of the running application, which can be set by the application program itself;
5. the message level, recording the level of the message passed in to the log;
6. the process name/thread name, i.e. the process name and thread name under which the application program runs on the server;
7. related messages generated when the application runs, including: global transaction ID, call number, session id\workspace, and asynchronous call message number;
8. the log level, i.e. the level of the log record, including: a general log level (Debug/Info/Warn/Error/Fatal), a performance log level, and a trace log level;
9. the message passed in by the application, i.e. an external message that the application needs to record, or state information generated by the application's own running.
The log generating module 403 is configured to generate a log file at a preset location according to the configuration parameters in the preloaded log generating policy, and store the log information into the log file.
The configuration parameters in the log generation strategy comprise the following contents:
1. the name of the application at run time; 2. the log output path; 3. the level of logs that may be output; 4. the time recording format; 5. the size of an individual log file.
The name of the log file includes: application name, log level, log time, and log number.
Specifically:
1. Application name: the name of the running application, which can be set by the application itself.
2. Log level: the level of the log record.
3. Log time: records when this log file was created.
4. Log number: determined according to the individual log file size configured by the application. If the amount of log records exceeds the maximum limit, a new log file is created; the application name, log level and log time in the new file name are the same as in the original file name, the log number is incremented by one, and subsequent content is written to the new log file.
It should be noted that, the units described in the embodiments of the present disclosure may be implemented by software, or may be implemented by hardware. The name of the unit does not in any way constitute a limitation of the unit itself, for example the first acquisition unit may also be described as "unit acquiring at least two internet protocol addresses".
In summary, the log generating device disclosed by the invention obtains the application message to be recorded, which is generated in the running process of the application program, adds the application attribute parameter to the application message to be recorded, obtains the log information, generates the log file at a preset position according to the configuration parameter in the preloaded log generating strategy, and stores the log information into the log file. Because the content contained in the application attribute parameters added in the application message to be recorded is the content contained in the preset finally generated log format, the invention unifies the log generation specifications, thereby effectively solving the problem of inconsistent log names, log formats, log contents and the like generated by each application program and improving the operation and maintenance efficiency of the application system.
In practical application, when a log is recorded, the information passed in by the application program needs a security check to prevent malicious information from forging log record contents: malicious information injected into the log through an application interface causes the log record to be tampered with or forged. The existing log recording systems in the civil aviation system lack log injection prevention technology and often generate log records according to experience, which increases the operation and maintenance difficulty of the application system and affects log security. Here, log injection refers to inputting an illegal field to the application through an external interface of the application program, so that the recorded content of the log is tampered with or forged. Log injection prevention refers to preventing the log record content from being tampered with or forged.
In order to improve log security, on the basis of the embodiment, the invention adds a log injection prevention strategy.
Thus, the message preprocessing module 402 may also be configured to:
judging whether the application message to be recorded carries a log identifier, wherein the log identifier is an identification field added by the log generating component to the log message, and the identification field is used for marking each piece of log information;
if yes, replacing the log identifier with an injection identifier to obtain a first target application message to be recorded, and adding the application attribute parameter to the first target application message to be recorded to obtain the log information, wherein the injection identifier is a characteristic field indicating that, when injection detection was performed on the application message to be recorded, the message was found to carry the log identifier, and the injection identifier is used for preventing the recorded content of the log from being tampered with or forged;
if not, adding a log identifier to the application message to be recorded to obtain a second target application message to be recorded, and adding the application attribute parameter to the second target application message to be recorded to obtain the log information.
In practical applications, the log identifier is used for operation and maintenance analysis of the application system, and the injection identifier provides a reference for security protection of the application system.
In this embodiment, the log identifier is an identification field added by the log generating component to the application message to be recorded, and the identification field explicitly marks each piece of log information. A log injection attack usually consists of a segment of legal information followed by a segment of illegal information, and the attacker constructs the attack message according to the log format. The first segment is legal information, which combines with the normal parameters of the log to form normal log content. The second segment is illegal information that imitates the log record format: when it is recorded, it follows the legal information of the first segment and starts on a new line, so that the log record looks normal although an attack has actually been injected into it.
In summary, the present invention can effectively counter this attack by adding the log identifier to the application message to be recorded. If an attacker does not know that the log identifier exists and injects a message constructed from a segment of legal information and a segment of illegal information, the log identifier is present on the legal information line and absent from the illegal information line. In the final audit, a line without a log identifier is therefore judged to have been passed in together with the nearest preceding line that carries the identifier, that is, as part of the same application message to be recorded, which solves the log injection problem.
In addition, if an attacker knows of the log identifier in advance and adds it to the illegal information segment when composing the legal and illegal information, that line would be treated as a separate record when the log is written. The log generating component therefore detects whether the log identifier exists in the incoming application message to be recorded. Because only the log generating component adds the log identifier, immediately before the log is written, and the identifier never needs to be supplied from outside, its presence in the input means that a log injection operation exists. The log generating component then removes the log identifier from the illegal information, changes it into the injection identifier, and stores the result in the log file for subsequent investigation.
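The two cases described above can be reproduced with a small model of the preprocessing step and the final audit. This is an added example, not code from the patent: the marker strings `[#LOG#]` and `[#INJ#]`, the record layout, the function names and the sample messages are assumptions constructed for illustration, and placing the injection identifier in the record's identifier field is one reading of the text.

```python
from datetime import datetime, timezone

# Assumed marker strings: the page does not say what the identifiers look like.
LOG_ID = "[#LOG#]"
INJECTION_ID = "[#INJ#]"


def preprocess(message, app="booking", host="srv01", level="INFO", now=None):
    """Message preprocessing: build one log record from an application message.

    Only the log generating component may add LOG_ID, so a message that
    already carries it is treated as an injection attempt.
    """
    ts = (now or datetime.now(timezone.utc)).strftime("%Y-%m-%dT%H:%M:%SZ")
    if LOG_ID in message:
        # Keep the text as evidence, but replace every embedded log identifier.
        message = message.replace(LOG_ID, INJECTION_ID)
        ident = INJECTION_ID
    else:
        ident = LOG_ID
    return f"{ident} {ts} {host} {app} {level} {message}"


def audit(log_text):
    """Return (line_no, finding, parent_line_no) for every suspicious line."""
    findings, last_record = [], None
    for no, line in enumerate(log_text.splitlines(), start=1):
        if line.startswith(LOG_ID):
            last_record = no  # genuine record written by the component
        elif INJECTION_ID in line:
            # The input carried the log identifier: attacker knew the marker.
            findings.append((no, "injection-identifier", None))
        else:
            # No identifier at all: this line arrived inside the message of
            # the nearest preceding record that does carry one.
            findings.append((no, "no-identifier", last_record))
    return findings


def build_demo_log():
    """Constructed sample: one benign message and the two forgery cases."""
    t = datetime(2020, 7, 15, 8, 0, 0, tzinfo=timezone.utc)
    forged = "2020-07-15T08:00:01Z srv01 booking INFO refund approved by admin"
    messages = [
        "seat map loaded",
        "lookup failed for PNR ABC123\n" + forged,                 # marker unknown
        "lookup failed for PNR ABC123\n" + LOG_ID + " " + forged,  # marker known
    ]
    return "\n".join(preprocess(m, now=t) for m in messages)


if __name__ == "__main__":
    log = build_demo_log()
    print(log)
    for finding in audit(log):
        print(finding)
```

The scheme leaves the forged text in the file and relies on the audit to tell it apart, so the audit has to check the identifier on every line rather than only parse the fields that follow it.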
Referring to fig. 6, a schematic structural diagram of a policy obtaining component in a log generating device according to an embodiment of the present invention is disclosed, where:
a policy reading and loading module 404, configured to obtain the log generation policy configured according to the target requirement of the application program, and read the configuration parameters in the log generation policy;
and the policy checking module 405 is configured to perform feasibility checking on the configuration parameters, and output a log generating policy after the application message to be recorded is acquired when the configuration parameters pass the checking.
In actual practice, the policy check module 405 may document the log generation policy to the log generation component.
The policy checking module 405 is further configured to feed back a prompt message that the configuration parameter is wrong when the configuration parameter fails to be checked.
For the specific working principles of the components in the device embodiment, please refer to the corresponding parts of the method embodiment; they are not repeated here.
Although the subject matter has been described in language specific to structural features and/or methodological acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the specific features and acts described above are example forms of implementing the claims.
While several specific implementation details are included in the above discussion, these should not be construed as limiting the scope of the disclosure. Certain features that are described in the context of separate embodiments can also be implemented in combination in a single embodiment. Conversely, various features that are described in the context of a single embodiment can also be implemented in multiple embodiments separately or in any suitable subcombination.
The foregoing description is only of the preferred embodiments of the present disclosure and a description of the principles of the technology being employed. It will be appreciated by persons skilled in the art that the scope of the disclosure referred to in this disclosure is not limited to the specific combinations of features described above, but also covers other embodiments which may be formed by any combination of the features described above or their equivalents without departing from the spirit of the disclosure, for example, technical solutions formed by mutually substituting the features described above with technical features having similar functions disclosed in (but not limited to) the present disclosure.
Claims (10)
1. A log generation method, comprising:
acquiring an application message to be recorded generated in the running process of an application program;
adding application attribute parameters to the application message to be recorded to obtain log information, wherein the content contained in the application attribute parameters is preset content contained in a finally generated log format;
generating a log file at a preset position according to configuration parameters in a preloaded log generation strategy;
storing the log information to the log file;
the adding the application attribute parameter to the application message to be recorded to obtain log information specifically includes:
judging whether the application message to be recorded carries a log identifier or not, wherein the log identifier is an identification field added by a log generating component for the log message, and the identification field is used for marking each piece of log information;
if yes, replacing the log identifier with an injection identifier to obtain a first target application message to be recorded, and adding the application attribute parameter to the first target application message to be recorded to obtain the log information, wherein the injection identifier is a characteristic field indicating that, when injection detection was performed on the application message to be recorded, the message was found to carry the log identifier, and the injection identifier is used for preventing the recorded content of the log from being tampered with or forged;
if not, adding a log identifier to the application message to be recorded to obtain a second target application message to be recorded, and adding the application attribute parameter to the second target application message to be recorded to obtain the log information.
2. The log generating method as set forth in claim 1, wherein the application attribute parameter includes: identifier, message time, machine name, application name, message level, process name/thread name, related messages generated by the application runtime, log level, and messages incoming by the application;
wherein the identifier comprises: a log identifier and an injection identifier, the injection identifier for resolving a log injection attack.
3. The log generation method of claim 1, wherein the configuration parameters in the log generation policy comprise: the name of the application runtime, the log output path, the log exportable level, the time record format, and the individual log file size.
4. The log generating method according to claim 1, wherein the name of the log file includes: application name, log class, log time, and log number.
5. The log generation method of claim 1, wherein the loading process of the log generation policy comprises:
acquiring the log generation strategy configured according to the target requirement of the application program;
reading the configuration parameters in the log generation strategy;
carrying out feasibility verification on the configuration parameters;
and when the configuration parameters pass the verification, loading the log generation strategy after the application message to be recorded is acquired.
6. A log generating apparatus, comprising:
the application message acquisition module is used for acquiring application messages to be recorded, which are generated in the running process of the application program;
the message preprocessing module is used for adding application attribute parameters to the application message to be recorded to obtain log information, wherein the content contained in the application attribute parameters is preset content contained in a finally generated log format;
the log generation module is used for generating a log file at a preset position according to configuration parameters in a preloaded log generation strategy and storing the log information into the log file;
the message preprocessing module is specifically used for:
judging whether the application message to be recorded carries a log identifier or not, wherein the log identifier is an identification field added by a log generating component for the log message, and the identification field is used for marking each piece of log information;
if yes, replacing the log identifier with an injection identifier to obtain a first target application message to be recorded, and adding the application attribute parameter to the first target application message to be recorded to obtain the log information, wherein the injection identifier is a characteristic field indicating that, when injection detection was performed on the application message to be recorded, the message was found to carry the log identifier, and the injection identifier is used for preventing the recorded content of the log from being tampered with or forged;
if not, adding a log identifier to the application message to be recorded to obtain a second target application message to be recorded, and adding the application attribute parameter to the second target application message to be recorded to obtain the log information.
7. The log generating apparatus of claim 6, wherein the application attribute parameter comprises: identifier, message time, machine name, application name, message level, process name/thread name, related messages generated by the application runtime, log level, and messages incoming by the application;
wherein the identifier comprises: a log identifier and an injection identifier, the injection identifier for resolving a log injection attack.
8. The log generating apparatus of claim 6, wherein the configuration parameters in the log generating policy comprise: the name of the application runtime, the log output path, the log exportable level, the time record format, and the individual log file size.
9. The log generating apparatus according to claim 6, wherein the name of the log file includes: application name, log class, log time, and log number.
10. The log generating apparatus according to claim 6, wherein the log generating apparatus further comprises:
the strategy reading and loading module is used for acquiring the log generation strategy configured according to the target requirement of the application program and reading the configuration parameters in the log generation strategy;
and the strategy verification module is used for carrying out feasibility verification on the configuration parameters, and outputting the log generation strategy after acquiring the application message to be recorded when the configuration parameters pass the verification.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010681886.6A CN111897789B (en) | 2020-07-15 | 2020-07-15 | Log generation method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111897789A (en) | 2020-11-06 |
CN111897789B (en) | 2024-04-02 |
Family
ID=73191281
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010681886.6A Active CN111897789B (en) | 2020-07-15 | 2020-07-15 | Log generation method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111897789B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112564959A (en) * | 2020-12-01 | 2021-03-26 | 上海恒生聚源数据服务有限公司 | Log acquisition method, device and equipment and readable storage medium |
CN113835915A (en) * | 2021-08-31 | 2021-12-24 | 通号城市轨道交通技术有限公司 | Log recording method and device |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107193721A (en) * | 2017-03-30 | 2017-09-22 | 武汉斗鱼网络科技有限公司 | A kind of method and apparatus for generating daily record |
CN108563718A (en) * | 2018-04-02 | 2018-09-21 | 郑州云海信息技术有限公司 | A kind of method and system preventing log flood |
CN109542741A (en) * | 2018-10-11 | 2019-03-29 | 平安科技(深圳)有限公司 | The automatic packet storage approach of log, device, computer equipment and storage medium |
CN109672546A (en) * | 2017-10-16 | 2019-04-23 | 比亚迪股份有限公司 | Log generation method, application server, log server and log generating system |
CN110008086A (en) * | 2019-04-04 | 2019-07-12 | 星潮闪耀移动网络科技(中国)有限公司 | A kind of log generation method, device and a kind of client |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TW201530307A (en) * | 2014-01-29 | 2015-08-01 | Ibm | Computer-implemented method for handling logs |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||