CN112491584B - Service operation safety condition judgment method and device, electronic medium and storage medium - Google Patents

Service operation safety condition judgment method and device, electronic medium and storage medium Download PDF

Info

Publication number
CN112491584B
CN112491584B CN202011218311.7A CN202011218311A CN112491584B CN 112491584 B CN112491584 B CN 112491584B CN 202011218311 A CN202011218311 A CN 202011218311A CN 112491584 B CN112491584 B CN 112491584B
Authority
CN
China
Prior art keywords
service
log
level
determining
monitoring
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011218311.7A
Other languages
Chinese (zh)
Other versions
CN112491584A (en
Inventor
陈元
聂心原
代静平
夏京
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beike Technology Co Ltd
Original Assignee
Beike Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beike Technology Co Ltd filed Critical Beike Technology Co Ltd
Priority to CN202011218311.7A priority Critical patent/CN112491584B/en
Publication of CN112491584A publication Critical patent/CN112491584A/en
Application granted granted Critical
Publication of CN112491584B publication Critical patent/CN112491584B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06Management of faults, events, alarms or notifications
    • H04L41/0631Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06Management of faults, events, alarms or notifications
    • H04L41/0677Localisation of faults
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06Management of faults, events, alarms or notifications
    • H04L41/069Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephonic Communication Services (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The embodiment of the invention provides a method and a device for judging service operation safety condition, electronic equipment and a storage medium, wherein the method comprises the following steps: acquiring service log data, determining a standard grade of service log records, determining a service log monitoring and positioning grade and determining a service log alarm grade; and judging the operation safety condition level of the service according to one or more of the specification level of the log record of the service, the log monitoring and positioning level of the service and the log alarm level of the service. The embodiment can determine the operation safety condition of the service by judging whether the log record is standard or not, monitoring and whether the positioning capability is complete or not and whether the alarm capability is accurate or not so as to find problems, quickly position the problems and solve the problems accurately in time.

Description

Service operation safety condition judgment method and device, electronic medium and storage medium
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a method and an apparatus for determining a service operation security status, an electronic device, and a storage medium.
Background
With the rapid development of the modern internet industry, the system architecture inside a large internet company is more and more complex, the whole internet company is of a complex mesh structure, with the promotion of micro-services, middle-station services and the like, a large internet enterprise often has thousands of micro-services, even tens of thousands of micro-services, and the complex system with the scale has high requirements on means for evaluating the service operation safety conditions such as monitoring, positioning and the like.
Disclosure of Invention
In order to solve the problems in the prior art, embodiments of the present invention provide a method and an apparatus for determining a service operation security status, an electronic device, and a storage medium.
In a first aspect, an embodiment of the present invention provides a method for determining a service operation security status, including:
acquiring log data of a service, and determining the standard grade of a log record of the service;
acquiring service log data and determining the service log monitoring and positioning level;
acquiring log data of a service, and determining a log alarm level of the service;
and judging the operation safety condition level of the service according to one or more of the specification level of the log record of the service, the log monitoring and positioning level of the service and the log alarm level of the service.
Further, the obtaining log data of the service and determining a specification level of log records of the service includes:
determining the standard level of the log record of the service according to whether the log data of the service has a preset field; the preset field is one or more of a traceID field, a segmentID field, a logLevel field and a bltag field.
Further, the obtaining log data of the service and determining the log monitoring and positioning level of the service includes:
determining the log monitoring and positioning grade of the service according to whether the log data of the service is accessed to a preset monitoring and positioning system; the preset monitoring and positioning system is one or more of a sky eye log system, a metric monitoring system and a keystroke monitoring system.
Further, the obtaining log data of the service and determining the log alarm level of the service includes:
determining the log alarm level of the service according to whether the log data of the service is accessed to a preset alarm system; the preset alarm system is a CPS alarm system and/or a CMDB alarm system.
Further, the determining the specification level of the log record of the service according to whether there is a preset field in the log data of the service includes:
determining a quantitative parameter value of a log record specification of the service according to a first relation model according to the fact whether the log data of the service has one or more of a traceID field, a segmentID field, a logLevel field and a bltag field;
determining the specification level of the log record of the service according to the quantitative parameter value of the log record specification of the service;
wherein the first relationship model is:
Q1=n1*g1+n2*g2+n3*g3+n4*g4
wherein Q is1A quantization parameter value, n, representing a logging specification of the service1Represents the weight coefficient, g, corresponding to the traceID field1Indicating the proportion of the traceID field in the log data, n2Represents the weight coefficient, g, corresponding to the segment ID field2Indicating the proportion of the segmentID field to the log data, n3Representing the weight coefficient corresponding to the logLevel field, g3 representing the proportion of the logLevel field in the log data, n4Indicates the weight coefficient, g, corresponding to the bltag field4Indicating the ratio of the bltag field to the log data.
Further, the determining the log monitoring and positioning level of the service according to whether the log data of the service is accessed to a preset monitoring and positioning system includes:
determining a quantitative parameter value of log monitoring positioning of the service according to a second relation model according to whether log data of the service is accessed to one or more of a sky-eye log system, metric monitoring and keystroke monitoring;
determining the log monitoring and positioning grade of the service according to the quantitative parameter value of the log monitoring and positioning of the service;
wherein the second relationship model is:
Q2=(m1+m11)+m2+m3
wherein Q is2Quantitative parameter value, m, representing log monitoring position of said service1Representing a quantitative parameter value, m, corresponding to the access to the sky-eye log system11To representAccessing into the sky-eye log system and configuring the quantitative parameter values m of the query task and the event2Indicating the corresponding quantitative parameter value, m, of the access metric monitoring3Indicating that the access tracece monitors the corresponding quantization parameter value.
Further, the determining the log alarm level of the service according to whether the log data of the service is accessed to a preset alarm system includes:
determining a quantitative parameter value of the service log alarm according to a third relation model according to whether the service log data is accessed to a CPS alarm system and/or a CMDB alarm system;
determining the log alarm level of the service according to the quantitative parameter value of the log alarm of the service;
wherein the third relationship model is:
Q3=R1*E1+R2*E2
wherein Q is3Quantitative parameter value, R, representing log alarms of said service1Representing the quantitative parameter value corresponding to the access to the CPS alarm system, E1Indicating the number of persons to be handled, R, who are connected to and configured in a CPS alarm system2Representing the quantitative parameter value corresponding to the access to the CMDB alarm system, E2Representing the number of persons handling access to the CMDB alarm system and configured.
In a second aspect, an embodiment of the present invention provides a device for determining a service operation security condition, including:
the first acquisition module is used for acquiring the log data of the service and determining the specification level of the log record of the service;
the second acquisition module is used for acquiring the log data of the service and determining the log monitoring and positioning level of the service;
the third acquisition module is used for acquiring the log data of the service and determining the log alarm level of the service;
and the judging module is used for judging the operation safety condition level of the service according to one or more of the specification level of the log record of the service, the log monitoring and positioning level of the service and the log alarm level of the service.
In a third aspect, an embodiment of the present invention further provides an electronic device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the steps of the method for determining a security status of service operation according to the first aspect when executing the program.
In a fourth aspect, an embodiment of the present invention further provides a non-transitory computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the steps of the service operation safety condition determination method according to the first aspect.
As can be seen from the foregoing technical solutions, the method, the apparatus, the electronic device, and the storage medium for determining the service operation security status provided in the embodiments of the present invention can obtain the log data of the service, determine the specification level of the log record of the service, obtain the log data of the service, determine the log monitoring and positioning level of the service, obtain the log data of the service, and determine the log alarm level of the service; and judging the operation safety condition level of the service according to one or more of the standard level of the log record of the service, the log monitoring and positioning level of the service and the log alarm level of the service, and judging whether the log record is standard or not, whether monitoring and positioning capacity access is complete or not and whether alarm capacity is accurate or not so as to find the problem, quickly position the problem and solve the problem accurately in time and further determine the operation safety condition of the service.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is a schematic flow chart illustrating a method for determining a security status of service operation according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of a service operation safety condition determining apparatus according to an embodiment of the present invention;
fig. 3 is a schematic physical structure diagram of an electronic device according to an embodiment of the invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some embodiments, but not all embodiments, of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention. In this embodiment, it should be noted that with the rapid development of the modern internet industry, the system architecture inside a large internet company is also more and more complex, and the whole internet company has a complex mesh structure, and with the advance of micro-services, middle-stage services, and the like, a large internet enterprise often has thousands or even tens of thousands of micro-services, and thus a complex system of such a scale has a high requirement on means for evaluating the service operation security status, such as monitoring, positioning, and the like, but because there is information asymmetry between the infrastructure side and the business side, that is, the service operation security status at the internet company enterprise level cannot be determined, the problem is discovered and solved. For example, infrastructure teams already have many good abilities and practices and are very helpful in promoting business monitoring and positioning, but are difficult to promote and often suspect; the information asymmetry exists between the infrastructure side and the service side, the service synchronization does not know which use capabilities exist, and meanwhile, the infrastructure does not know whether the classmate of the service side is reasonable or not, and whether the best practice is realized or not. The service operation safety condition determination method provided by the present invention will be explained and explained in detail by specific embodiments.
In the production environment, the log plays an important role, and is used for checking abnormal logs, optimizing performance, monitoring and positioning service, alarming service and the like. However, thousands of services are run in production, each service only needs simple local storage, and when a log troubleshooting problem is needed, a node where the log is located is difficult to find, and the data value of the service log is difficult to mine.
Fig. 1 is a schematic flow chart illustrating a method for determining a security status of service operation according to an embodiment of the present invention; as shown in fig. 1, the method includes:
step 101: and acquiring the log data of the service and determining the specification level of the log record of the service.
In this step, it should be noted that, relevant log data are collected in real time at a buried point on each service node, a log file collection end may use filebolt, data filtering and cleaning may be performed according to a unified rule after log data of a service is obtained, meanwhile, a cleaning dimension may be set as service plus time, and then the service plus time dimension is stored in a database.
In this step, it should be noted that the normalization degree of the log record, i.e., the normalization level of the log record, can be determined by the log data. For example, the log data is read, and the specification level of the log record is determined according to whether there are preset fields in the log data, for example, three preset fields are defined, if the log data V1 includes one preset field, the specification level of the log record can be determined as one level, if the log data V2 includes two preset fields, the specification level of the log record can be determined as two levels, and if the log data V1 includes three preset fields, the specification level of the log record can be determined as three levels.
Step 102: and acquiring the log data of the service, and determining the log monitoring and positioning level of the service.
In this step, it should be noted that it can be determined whether the access of the log monitoring positioning capability is complete through the log data, that is, the log monitoring positioning level. For example, the log data is read, and the log monitoring location level is determined according to whether a preset monitoring location system is accessed in the log data, for example, three preset monitoring location systems are specified, if one preset monitoring location system is accessed in the log data V1 of the item Z1, the log monitoring location level can be determined as one level, if two preset monitoring location systems are accessed in the log data V2 of the item Z2, the log monitoring location level can be determined as two levels, and if three preset monitoring location systems are accessed in the log data V3 of the item Z3, the log monitoring location level can be determined as three levels.
Step 103: and acquiring the log data of the service and determining the log alarm level of the service.
In this step, it should be noted that whether the log alarm capability is accurate, that is, the log alarm level, can be determined through the log data. For example, the log data is read, and the log alarm level is determined according to whether a preset alarm system is accessed in the log data, for example, three preset alarm systems are defined, if one preset alarm system is accessed in the log data V1 of the item P1, the log alarm level can be determined as one level, if two preset alarm systems are accessed in the log data V2 of the item P2, the log alarm level can be determined as two levels, and if three preset alarm systems are accessed in the log data V3 of the item P3, the log alarm level can be determined as three levels.
Step 104: and judging the operation safety condition level of the service according to one or more of the specification level of the log record of the service, the log monitoring and positioning level of the service and the log alarm level of the service.
In this step, it can be understood that the determination of the operation safety condition level of the service is performed according to one or more of the specification level of the log record of the service, the log monitoring positioning level of the service and the log alarm level of the service. The operation safety condition grade of the service can be determined by adopting a mode of adding and summing the specification grade of the log record, the log monitoring and positioning grade and the log alarm grade, the operation safety condition grade of the service can also be determined by adopting a mode of setting corresponding weight, the specification grade of the log record, the log monitoring and positioning grade and the log alarm grade can also be added and summed, and then calculates the range corresponding to the operation safety condition level of the service to determine the operation safety condition level of the service, in this embodiment, for example, 0 to 3 are set as one level (operation safety level of service), 3 to 6 are set as two levels (operation safety level of service), and 6 to 9 are set as three levels (operation safety level of service), where the one level (specification level of log record) + the one level (log monitoring positioning level) + the one level (log alarm level) is set to 3.
As can be seen from the above technical solutions, the service operation safety condition determination method provided in the embodiments of the present invention can obtain the service log data, determine the specification level of the service log record, obtain the service log data, determine the service log monitoring and positioning level, obtain the service log data, and determine the service log alarm level; the method comprises the steps of judging the operation safety condition level of the service according to one or more of the standard level of the log record of the service, the log monitoring and positioning level of the service and the log alarm level of the service, and judging whether the log record is standard, whether the monitoring and positioning capacity is complete and whether the alarm capacity is accurate, so that problems can be timely and accurately found, quickly positioned and solved, and the operation safety condition of the service can be further determined. Meanwhile, the method for judging the service operation safety condition can timely and accurately find the problem and quickly position the problem, so that the service owner with the problem can be timely determined by the service owner or the responsible person on the infrastructure side, and the problem is solved according to the service owner, so that the problem cannot be found and solved due to the fact that information is asymmetric between the infrastructure side and the service side.
On the basis of the foregoing embodiment, in this embodiment, acquiring log data of a service, and determining a specification level of a log record of the service includes:
determining the standard level of the log record of the service according to whether the log data of the service has a preset field; the preset field is one or more of a traceID field, a segmentID field, a logLevel field and a bltag field.
In this embodiment, for example, whether there is a traceID field in the log is checked, 10000 logs are taken for each event according to all events configured in Fast by the item, and fuzzy matching index fields such as trace _ id, traceID, and xxx traceID are all calculated to be matched, that is, there is a traceID field.
In this embodiment, for example, whether there is a segment id field in the log is checked, 10000 logs with the latest event can be taken for each event according to all events configured in Fast by the item, and the fuzzy matching index field, such as segemtn _ id, segment id, xxx _ segment id, is calculated to be satisfied (the log sampling rule is the same as above), that is, there is a segment id field.
In this embodiment, for example, whether a log has a logLevel field is checked, and according to all events configured in Fast by the item, each event may take the latest 10000 logs, and a fuzzy matching index field, such as log _ level, logLevel, and xxx _ logLevel, all of which are satisfied (the log sampling rule is the same as above), i.e., a logLevel field is present.
In this embodiment, for example, whether there is a bltag field in the log is checked, 10000 logs are taken for each event according to all events configured in Fast by the item, and the fuzzy matching index field, such as bltag and xxx _ bltag, is calculated to be satisfied (log sampling rule is the same as above), that is, there is a bltag field.
According to the technical scheme, the service operation safety condition judgment method provided by the embodiment of the invention determines the standard level of the log record of the service according to whether the log data of the service has the preset field or not, so that the standard level of the log record can be more accurately determined.
On the basis of the foregoing embodiment, in this embodiment, acquiring log data of a service and determining a log monitoring location level of the service includes:
determining the log monitoring and positioning grade of the service according to whether the log data of the service is accessed to a preset monitoring and positioning system; the preset monitoring and positioning system is one or more of a sky eye log system, a metric monitoring system and a keystroke monitoring system.
In this embodiment, for example, it is standard to check whether FAST, that is, the sky-eye log system is accessed, and at least one log file is accessed to the sky-eye log system in a data stream form.
In this embodiment, for example, it may be standard that whether the metric monitoring is accessed is checked, and the measurement is reported by using a Hawk client, and data to be monitored of the item exists in the application monitoring of the Kemonitor.
In this embodiment, for example, whether the KeTrace monitoring is accessed or not may be checked, and the standard may be that a KeTrace client is used to report link information to a KeTrace, and a link of the item may be queried in the KeTrace.
According to the technical scheme, the service operation safety condition judgment method provided by the embodiment of the invention can determine the log monitoring and positioning level of the service according to whether the log data of the service is accessed to the preset monitoring and positioning system, so that the log monitoring and positioning level can be more accurately determined.
On the basis of the foregoing embodiment, in this embodiment, acquiring log data of a service and determining a log alarm level of the service includes:
determining the log alarm level of the service according to whether the log data of the service is accessed to a preset alarm system; the preset alarm system is a CPS alarm system and/or a CMDB alarm system.
In the present embodiment, it is checked whether, for example, a CPS alarm system and/or a CMDB alarm system is accessed. Further, whether a preset alarm system is accessed or not can be checked, and a specific RD (handler) is configured, preferably more than two RD personnel are needed.
In this embodiment, besides the preset alarm system, the number of alarm rules may also be configured, so that the configuration of richer alarm rules according to the service scenario is encouraged, and the code normative alarm is not encouraged to be left to the online and then repaired. The rule can be according to the code line number, and the alarm rule number that different code line numbers correspond is different, and alarm rule number is day eye warning + metric warning.
In this embodiment, the code specification can be checked on the basis, if the alarm such as null pointer and array out-of-range should not occur, the alarm number is checked, the preset alarm number threshold value is set, and the alarm storm is prevented from burying the effective alarm.
According to the technical scheme, the service operation safety condition judgment method provided by the embodiment of the invention determines the log alarm level of the service according to whether the log data of the service is accessed to the preset alarm system, so that the log alarm level can be more accurately determined.
On the basis of the foregoing embodiment, in this embodiment, determining a specification level of a log record of a service according to whether there is a preset field in log data of the service includes:
determining a quantitative parameter value of a log record specification of the service according to a first relation model according to the fact whether log data of the service has one or more of a traceID field, a segmentID field, a logLevel field and a bltag field;
determining the standard grade of the log record of the service according to the quantitative parameter value of the log record standard of the service;
wherein the first relational model is:
Q1=n1*g1+n2*g2+n3*g3+n4*g4
wherein Q is1Quantized parameter values, n, representing a logging specification of a service1Represents the weight coefficient, g, corresponding to the traceID field1Indicating the proportion of the traceID field in the log data, n2Represents the weight coefficient, g, corresponding to the segment ID field2Indicating the proportion of the segmentID field to the log data, n3Representing the weight coefficient corresponding to the logLevel field, g3 representing the proportion of the logLevel field in the log data, n4Indicates the weight coefficient, g, corresponding to the bltag field4Indicating the ratio of the bltag field to the log data.
In this embodiment, what needs to be described about the bltag field is:
printing a bltag (log type) in the log, wherein the bltag is provided with a request _ out type and erroro and errormg fields, and the method is mainly used for strengthening a state code and a description field on the basis of using a request _ out rule, wherein the bltag field exists in the log sampling rule (the same as the above), the request _ out type exists in the bltag, and the erroro and errormg fields exist in the log of the request _ out type.
Secondly, the bltag is provided with an http _ fail type and error fields, and the state code and description fields are strengthened on the basis of using an http _ fail rule, wherein the bltag field exists in the log sampling rule (the same as the log sampling rule), the http _ fail type exists in the bltag, and the error and error fields exist in the log of the http _ fail type.
And thirdly, the bltag is provided with a dubbo _ fail type and error fields, and the method is mainly used for strengthening the status code and description fields on the basis of using the dubbo _ fail rule, wherein the bltag field exists in the log sampling rule (the same as the above), the dubbo _ fail type exists in the bltag, and the error and error fields exist in the log of the http _ fail type.
In this example, it should be noted that, the range of the quantization parameter value of the logging specification of the service corresponding to the specification level of the logging of the service is set, so that the quantization parameter value of the logging specification of the service calculated according to the first relational model is determined within which range, and then the specification level of the logging of the service is determined.
In this embodiment, for example, whether there is a traceID field in the log is checked, 10000 latest logs can be taken for each event according to all events configured in Fast by the item, fuzzy matching index fields such as trace _ id, traceID, and xxx traceID are all calculated to be satisfied, and the proportion of the index field satisfying the condition to all logs is counted, such as the check result: the ratio of the index fields meeting the conditions to all the logs is 25%, and the weight coefficient corresponding to the traceID field is configured to be 0.4.
Checking whether a segment ID field exists in the log, wherein each event can be the latest 10000 logs according to all events configured in Fast by the item, fuzzy matching index fields such as segemtn _ id, segment Id, segment ID and xxx segment Id are calculated to be in line, and counting the proportion of the index field in line with the condition in all the logs, such as the checking result: the ratio of the index fields meeting the conditions to all the logs is 25%, and the weight coefficient corresponding to the traceID field is configured to be 0.2.
Whether log fields exist or not is checked, according to all events configured in Fast by items, each event takes the latest 10000 logs, and fuzzy matching index fields are calculated to be in line, such as log _ level, log level and xxx _ log level, and the proportion of index fields meeting conditions to all logs is counted, such as the check result: the ratio of the index fields meeting the conditions to all the logs is 25%, and the weight coefficient corresponding to the traceID field is configured to be 0.2.
Whether a bltag field exists in the log is checked, according to all events configured in Fast by the item, each event takes the latest 10000 logs, fuzzy matching index fields such as bltag and xxx _ bltag are calculated to be in accordance, and the proportion of the index field in accordance with the condition to all logs is counted, such as the check result: the ratio of the index fields meeting the conditions to all the logs is 25%, and the weight coefficient corresponding to the traceID field is configured to be 0.2.
Calculating according to the first relation model: q10.4 × 0.25+0.2 × 0.25 — 0.25, that is, the quantization parameter value of the logging specification of the service is 0.25, which range to fall within is determined, and if 0.25 falls in three stages (specification level of logging), then the specification level of the logging of the service is determined to be three stages.
According to the technical scheme, the service operation safety condition judgment method provided by the embodiment of the invention can more accurately determine the standard level of the log record of the service.
On the basis of the foregoing embodiment, in this embodiment, determining the log monitoring location level of the service according to whether the log data of the service is accessed to the preset monitoring location system includes:
determining a quantitative parameter value of the service log monitoring positioning according to a second relation model according to whether the service log data is accessed to one or more of a sky-eye log system, metric monitoring and keystroke monitoring;
determining the log monitoring and positioning grade of the service according to the quantitative parameter value of the log monitoring and positioning of the service;
wherein the second relationship model is:
Q2=(m1+m11)+m2+m3
wherein Q is2Quantitative parameter value, m, representing log monitoring location of service1Representing a quantitative parameter value, m, corresponding to the access to the sky-eye log system11Quantitative parameter values, m, representing access to a sky-eye log system and configured with query tasks and events2Indicating the corresponding quantitative parameter value, m, of the access metric monitoring3Indicating that the access tracece monitors the corresponding quantization parameter value.
In this example, it should be noted that a quantization parameter value of the log monitoring location of the service corresponding to the log monitoring location level of the service is set, so that a range within which the quantization parameter value of the log monitoring location of the service falls is determined according to the quantization parameter value of the log monitoring location of the service calculated by the second relation model, and then the log monitoring location level of the service is determined.
In this embodiment, it should be noted that, after accessing the skyhook log system, whether corresponding tasks and events are configured is examined, whether a log query condition is met is examined, and it may be standard that at least one task and one event are configured in the skyhook log system for the item.
In this embodiment, for example, if the log data of the service J1 is accessed to the quantization parameter value 25 corresponding to the sky-eye log system, the log data of the service J1 is accessed to the sky-eye log system and is configured with the quantization parameter value 25 of a task and an event, the log data of the service J1 is accessed to the metric to monitor the corresponding quantization parameter value 25, and the log data of the service J1 is accessed to the key to monitor the corresponding quantization parameter value 25, the following calculation is performed according to the second relationship model: q2The service log record specification is determined to be in which range, namely the quantized parameter value of the service log record specification is 100, (25+25) +25 +25) is 100, and if 100 falls in the second level (log monitoring positioning level), the service log record specification level is determined to be the second level.
According to the technical scheme, the service operation safety condition judgment method provided by the embodiment of the invention can more accurately determine the log monitoring and positioning level of the service.
On the basis of the foregoing embodiment, in this embodiment, determining a log alarm level of a service according to whether log data of the service is accessed to a preset alarm system includes:
determining a quantitative parameter value of the service log alarm according to a third relation model according to whether the service log data is accessed to a CPS alarm system and/or a CMDB alarm system;
determining the log alarm level of the service according to the quantitative parameter value of the log alarm of the service;
wherein the third relation model is:
Q3=R1*E1+R2*E2
wherein Q is3Quantitative parameter value, R, representing log alarms of a service1Representing the quantitative parameter value corresponding to the access to the CPS alarm system, E1Indicating the number of persons to be handled, R, who are connected to and configured in a CPS alarm system2Representing the quantitative parameter value corresponding to the access to the CMDB alarm system, E2Representing the number of persons handling access to the CMDB alarm system and configured.
In this example, it should be noted that a quantitative parameter value of the log monitoring location of the service corresponding to the log monitoring location level of the service is set, so that a range within which the quantitative parameter value of the log monitoring location of the service falls is determined according to the quantitative parameter value of the log monitoring location of the service calculated by the third relation model, and then the log alarm level of the service is determined.
In this embodiment, for example, if the log data of the service J2 accesses the quantization parameter value 25 corresponding to the CPS alarm system, the number of processing persons configured by the log data of the service J2 accessing the CPS alarm system is 2, the log data of the service J2 does not access the CMDB alarm system, and the corresponding quantization parameter value is 0, the following calculation is performed according to the third relationship model: q325 × 2+0 × 0 is 50, that is, the quantitative parameter value of the logging specification of the service is 50, which range to fall within is determined, and if 50 falls at one level (logging alarm level), the specification level of the logging specification of the service is determined as one level.
According to the technical scheme, the service operation safety condition judgment method provided by the embodiment of the invention can more accurately determine the log alarm level of the service.
Fig. 2 is a schematic structural diagram of a service operation security condition determining apparatus according to an embodiment of the present invention, as shown in fig. 2, the apparatus includes: a first obtaining module 201, a second obtaining module 202, a third obtaining module 203, and a determining module 204, wherein:
the first obtaining module 201 is configured to obtain log data of a service, and determine a specification level of a log record of the service;
the second obtaining module 202 is configured to obtain log data of the service, and determine a log monitoring and positioning level of the service;
a third obtaining module 203, configured to obtain log data of a service, and determine a log alarm level of the service;
the judging module 204 is configured to judge the operation security level of the service according to one or more of the specification level of the log record of the service, the log monitoring and positioning level of the service, and the log alarm level of the service.
Further, the first obtaining module 201 is specifically configured to:
determining the standard level of the log record of the service according to whether the log data of the service has a preset field; the preset field is one or more of a traceID field, a segmentID field, a logLevel field and a bltag field.
Further, the second obtaining module 202 is specifically configured to:
determining the log monitoring and positioning grade of the service according to whether the log data of the service is accessed to a preset monitoring and positioning system; the preset monitoring and positioning system is one or more of a sky eye log system, a metric monitoring system and a keystroke monitoring system.
Further, the third obtaining module 203 is specifically configured to:
determining the log alarm level of the service according to whether the log data of the service is accessed to a preset alarm system; the preset alarm system is a CPS alarm system and/or a CMDB alarm system.
Further, when determining the specification level of the log record of the service according to whether there is a preset field in the log data of the service, the first obtaining module 201 is specifically configured to:
determining a quantitative parameter value of a log record specification of the service according to a first relation model according to the fact whether log data of the service has one or more of a traceID field, a segmentID field, a logLevel field and a bltag field;
determining the standard grade of the log record of the service according to the quantitative parameter value of the log record standard of the service;
wherein the first relation model is:
Q1=n1*g1+n2*g2+n3*g3+n4*g4
wherein Q is1Quantized parameter values, n, representing a logging specification of a service1Represents the weight coefficient, g, corresponding to the traceID field1Indicating the proportion of the traceID field in the log data, n2Represents the weight coefficient, g, corresponding to the segment ID field2Indicating the proportion of the segmentID field to the log data, n3Representing the weight coefficient corresponding to the logLevel field, g3 representing the proportion of the logLevel field in the log data, n4Indicates the weight coefficient, g, corresponding to the bltag field4Indicating the ratio of the bltag field to the log data.
Further, the second obtaining module 202, when determining the log monitoring and positioning level of the service according to whether the log data of the service is accessed to the preset monitoring and positioning system, is specifically configured to:
determining a quantitative parameter value of the service log monitoring positioning according to a second relation model according to whether the service log data is accessed to one or more of a sky-eye log system, metric monitoring and keystroke monitoring;
determining the log monitoring and positioning grade of the service according to the quantitative parameter value of the log monitoring and positioning of the service;
wherein the second relationship model is:
Q2=(m1+m11)+m2+m3
wherein Q is2Quantitative parameter value, m, representing log monitoring location of service1Representing a quantitative parameter value, m, corresponding to the access to the sky-eye log system11Quantitative parameter values, m, representing access to a sky-eye log system and configured with query tasks and events2Indicating the corresponding quantitative parameter value, m, of the access metric monitoring3Indicating that the access tracece monitors the corresponding quantization parameter value.
Further, when determining the log alarm level of the service according to whether the log data of the service is accessed to the preset alarm system, the third obtaining module 203 is specifically configured to:
determining a quantitative parameter value of the service log alarm according to a third relation model according to whether the service log data is accessed to a CPS alarm system and/or a CMDB alarm system;
determining the log alarm level of the service according to the quantitative parameter value of the log alarm of the service;
wherein the third relation model is:
Q3=R1*E1+R2*E2
wherein Q is3Quantitative parameter value, R, representing log alarms of a service1Representing the quantitative parameter value corresponding to the access to the CPS alarm system, E1Indicating the number of persons to be handled, R, who are connected to and configured in a CPS alarm system2Representing the quantitative parameter value corresponding to the access to the CMDB alarm system, E2Representing the number of persons handling access to the CMDB alarm system and configured.
The device for determining the service operation safety status provided by the embodiment of the present invention can be specifically used for executing the method for determining the service operation safety status of the embodiment, and the technical principle and the beneficial effect thereof are similar, and reference may be specifically made to the embodiment described above, and details are not described here.
Based on the same inventive concept, an embodiment of the present invention provides an electronic device, which specifically includes the following components, with reference to fig. 3: a processor 301, a communication interface 303, a memory 302, and a communication bus 304;
the processor 301, the communication interface 303 and the memory 302 complete communication with each other through the communication bus 304; the communication interface 303 is used for realizing information transmission between related devices such as modeling software, an intelligent manufacturing equipment module library and the like; the processor 301 is used for calling the computer program in the memory 302, and the processor executes the computer program to implement the method provided by the above method embodiments, for example, the processor executes the computer program to implement the following steps: acquiring the log data of the service, and determining the standard level of the log record of the service; acquiring service log data and determining service log monitoring and positioning level; acquiring service log data and determining a service log alarm level; and judging the operation safety condition level of the service according to one or more of the specification level of the log record of the service, the log monitoring and positioning level of the service and the log alarm level of the service.
Based on the same inventive concept, yet another embodiment of the present invention further provides a non-transitory computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, is implemented to perform the methods provided by the above method embodiments, for example, obtaining log data of a service, determining a specification level of a log record of the service; acquiring service log data and determining service log monitoring and positioning level; acquiring service log data and determining a service log alarm level; and judging the operation safety condition level of the service according to one or more of the specification level of the log record of the service, the log monitoring and positioning level of the service and the log alarm level of the service.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and the parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium, such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods of the various embodiments or some parts of the embodiments.
In addition, in the present invention, terms such as "first" and "second" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In the description of the present invention, "a plurality" means at least two, e.g., two, three, etc., unless specifically limited otherwise.
Moreover, in the present invention, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
Furthermore, in the description herein, reference to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above are not necessarily intended to refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, various embodiments or examples and features of different embodiments or examples described in this specification can be combined and combined by one skilled in the art without contradiction.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. A method for determining a service operation safety condition is characterized by comprising the following steps:
acquiring log data of a service, and determining the standard level of log records of the service; wherein the obtaining log data of the service and determining a specification level of log records of the service includes: determining the standard level of the log record of the service according to whether the log data of the service has a preset field;
acquiring service log data and determining the service log monitoring and positioning level; the obtaining log data of the service and determining the log monitoring and positioning level of the service includes: determining the log monitoring and positioning grade of the service according to whether the log data of the service is accessed to a preset monitoring and positioning system;
acquiring log data of a service, and determining a log alarm level of the service; the obtaining log data of the service and determining the log alarm level of the service includes: determining the log alarm level of the service according to whether the log data of the service is accessed to a preset alarm system;
and judging the operation safety condition level of the service according to at least two of the specification level of the log record of the service, the log monitoring and positioning level of the service and the log alarm level of the service.
2. The method of claim 1,
the preset field is one or more of a traceID field, a segmentID field, a logLevel field and a bltag field.
3. The method of claim 1,
the preset monitoring and positioning system is one or more of a sky eye log system, a metric monitoring system and a keystroke monitoring system.
4. The method of claim 1,
the preset alarm system is a CPS alarm system and/or a CMDB alarm system.
5. The method of claim 2, wherein determining the specification level of the log record of the service according to whether there is a preset field in the log data of the service comprises:
determining a quantitative parameter value of a log record specification of the service according to a first relation model according to the fact whether the log data of the service has one or more of a traceID field, a segmentID field, a logLevel field and a bltag field;
determining the specification level of the log record of the service according to the quantitative parameter value of the log record specification of the service;
wherein the first relationship model is:
Q1=n1*g1+n2*g2+n3*g3+n4*g4
wherein Q is1A quantization parameter value, n, representing a logging specification of the service1Represents the weight coefficient, g, corresponding to the traceID field1Indicating the proportion of the traceID field in the log data, n2Represents the weight coefficient, g, corresponding to the segment ID field2Indicating the proportion of the segmentID field to the log data, n3Representing the weight coefficient corresponding to the logLevel field, g3 representing the proportion of the logLevel field in the log data, n4Indicates the weight coefficient, g, corresponding to the bltag field4Indicating the ratio of the bltag field to the log data.
6. The method of claim 3, wherein determining the log-monitored location level of the service according to whether the log data of the service is accessed to a preset monitoring location system comprises:
determining a quantitative parameter value of log monitoring positioning of the service according to a second relation model according to whether log data of the service is accessed to one or more of a sky-eye log system, metric monitoring and keystroke monitoring;
determining the log monitoring and positioning grade of the service according to the quantitative parameter value of the log monitoring and positioning of the service;
wherein the second relationship model is:
Q2=(m1+m11)+m2+m3
wherein Q is2Quantitative parameter value, m, representing log monitoring position of said service1Representing a quantitative parameter value, m, corresponding to the access to the sky-eye log system11Quantitative parameter values, m, representing access to a sky-eye log system and configured with query tasks and events2Indicating the corresponding quantitative parameter value, m, of the access metric monitoring3Indicating that the access tracece monitors the corresponding quantization parameter value.
7. The method of claim 4, wherein determining the log alarm level of the service according to whether the log data of the service is accessed to a preset alarm system comprises:
determining a quantitative parameter value of the service log alarm according to a third relation model according to whether the service log data is accessed to a CPS alarm system and/or a CMDB alarm system;
determining the log alarm level of the service according to the quantitative parameter value of the log alarm of the service;
wherein the third relationship model is:
Q3=R1*E1+R2*E2
wherein Q is3Quantitative parameter value, R, representing log alarms of said service1Representing the quantitative parameter value corresponding to the access to the CPS alarm system, E1Indicating the number of persons to be handled, R, who are connected to and configured in a CPS alarm system2Representing the quantitative parameter value corresponding to the access to the CMDB alarm system, E2Representing the number of persons handling access to the CMDB alarm system and configured.
8. A service operation security condition determination device, comprising:
the first acquisition module is used for acquiring the log data of the service and determining the specification level of the log record of the service; the first obtaining module is specifically configured to determine a specification level of a log record of the service according to whether a preset field exists in log data of the service;
the second acquisition module is used for acquiring the log data of the service and determining the log monitoring and positioning level of the service; the second obtaining module is specifically configured to determine a log monitoring and positioning level of the service according to whether log data of the service is accessed to a preset monitoring and positioning system;
the third acquisition module is used for acquiring the log data of the service and determining the log alarm level of the service; the third obtaining module is specifically configured to determine a log alarm level of the service according to whether log data of the service is accessed to a preset alarm system;
and the judging module is used for judging the operation safety condition level of the service according to at least two of the specification level of the log record of the service, the log monitoring and positioning level of the service and the log alarm level of the service.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the steps of the method for determining a service operation safety condition according to any one of claims 1 to 7 are implemented when the processor executes the program.
10. A non-transitory computer readable storage medium, on which a computer program is stored, wherein the computer program, when being executed by a processor, implements the steps of the service operation safety condition determination method according to any one of claims 1 to 7.
CN202011218311.7A 2020-11-04 2020-11-04 Service operation safety condition judgment method and device, electronic medium and storage medium Active CN112491584B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011218311.7A CN112491584B (en) 2020-11-04 2020-11-04 Service operation safety condition judgment method and device, electronic medium and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011218311.7A CN112491584B (en) 2020-11-04 2020-11-04 Service operation safety condition judgment method and device, electronic medium and storage medium

Publications (2)

Publication Number Publication Date
CN112491584A CN112491584A (en) 2021-03-12
CN112491584B true CN112491584B (en) 2022-05-20

Family

ID=74928052

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011218311.7A Active CN112491584B (en) 2020-11-04 2020-11-04 Service operation safety condition judgment method and device, electronic medium and storage medium

Country Status (1)

Country Link
CN (1) CN112491584B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114915488A (en) * 2022-06-15 2022-08-16 中国联合网络通信集团有限公司 Flow calculation monitoring method and apparatus

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107678908A (en) * 2017-06-23 2018-02-09 平安科技(深圳)有限公司 Log recording method, device, computer equipment and storage medium
CN110535722A (en) * 2019-08-27 2019-12-03 江苏瑞中数据股份有限公司 A kind of full link operation and monitoring method of the micro services in cross-safety zone domain
CN110851396A (en) * 2019-11-07 2020-02-28 北京集奥聚合科技有限公司 Modeling platform-based micro-service architecture unified log design method
CN110912757A (en) * 2019-12-24 2020-03-24 聚好看科技股份有限公司 Service monitoring method and server

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8935382B2 (en) * 2009-03-16 2015-01-13 Microsoft Corporation Flexible logging, such as for a web server

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107678908A (en) * 2017-06-23 2018-02-09 平安科技(深圳)有限公司 Log recording method, device, computer equipment and storage medium
CN110535722A (en) * 2019-08-27 2019-12-03 江苏瑞中数据股份有限公司 A kind of full link operation and monitoring method of the micro services in cross-safety zone domain
CN110851396A (en) * 2019-11-07 2020-02-28 北京集奥聚合科技有限公司 Modeling platform-based micro-service architecture unified log design method
CN110912757A (en) * 2019-12-24 2020-03-24 聚好看科技股份有限公司 Service monitoring method and server

Also Published As

Publication number Publication date
CN112491584A (en) 2021-03-12

Similar Documents

Publication Publication Date Title
CN108199795B (en) A kind of monitoring method and device of equipment state
CN110166264B (en) Fault positioning method and device and electronic equipment
CN112162878A (en) Database fault discovery method and device, electronic equipment and storage medium
CN108197261A (en) A kind of wisdom traffic operating system
CN105095052B (en) Fault detection method under SOA environment and device
CN101997709B (en) Root alarm data analysis method and system
CN105516130A (en) Data processing method and device
CN110457175B (en) Service data processing method and device, electronic equipment and medium
CN111125056A (en) Automatic operation and maintenance system and method for information system database
CN108924084A (en) A kind of network equipment safety evaluation method and device
CN115378711B (en) Intrusion detection method and system for industrial control network
CN112491584B (en) Service operation safety condition judgment method and device, electronic medium and storage medium
CN114338372A (en) Network information security monitoring method and system
CN112965973A (en) Distributed database monitoring method and device based on full link monitoring
CN110889597A (en) Method and device for detecting abnormal business timing sequence indexes
CN114531338A (en) Monitoring alarm and tracing method and system based on call chain data
CN114331055A (en) Enterprise safety production risk early warning method, device, equipment and storage medium
CN117349502A (en) Operation and maintenance data query analysis method and system based on internet data center
CN112861142A (en) Database risk level determination method and device, storage medium and electronic device
CN116380228A (en) Method, system, terminal and storage medium for monitoring operation of weighing apparatus
CN112765553B (en) Engineering project management system based on big data
CN115277472A (en) Network security risk early warning system and method for multidimensional industrial control system
CN115480997A (en) Index abnormity warning method and device, electronic equipment and storage medium
CN114510389A (en) Multi-node fusion monitoring and supervising method based on block chain
CN118331823B (en) Method and system for managing and monitoring alarm of space engineering business operation log

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant