CN112532435B - Operation and maintenance method, operation and maintenance management platform, equipment and medium - Google Patents
- Publication number
- CN112532435B (CN202011310314.3A)
- Authority
- CN
- China
- Prior art keywords
- operation data
- data
- management platform
- equipment
- maintenance
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/0604—Management of faults, events, alarms or notifications using filtering, e.g. reduction of information by using priority, element types, position or time
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0893—Assignment of logical groups to network elements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/06—Generation of reports
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The application discloses an operation and maintenance method, an operation and maintenance management platform, equipment and a medium, wherein the method comprises the following steps: acquiring first operation data reported by an EDR centralized management platform in a target network, wherein the first operation data is data collected by an EDR terminal agent deployed on terminal equipment to be monitored in the target network and reported to the EDR centralized management platform; acquiring second operation data reported by an outlet gateway in a target network, wherein the second operation data are data on first network equipment to be monitored in the target network acquired by the outlet gateway, and the first network equipment to be monitored is equipment indirectly communicated with the operation and maintenance management platform in the target network; and operating and maintaining the equipment in the target network according to the first operation data, the second operation data and a preset alarm rule. Therefore, the centralized operation and maintenance control can be carried out on the equipment in the enterprise-level data center, the complexity of operation and maintenance is reduced, and the efficiency of operation and maintenance is improved.
Description
Technical Field
The present application relates to the field of computer security technologies, and in particular, to an operation and maintenance method, an operation and maintenance management platform, an apparatus, and a medium.
Background
Along with the increasing scale of enterprise data centers, the types and the number of deployed terminal devices and the like are continuously increased, including various security devices, digital communication products, servers and the like, so that operation and maintenance management of multiple terminal devices of an enterprise data center are difficult, and operation and maintenance complexity is high and efficiency is low by respectively carrying out independent operation and maintenance on different devices. Therefore, how to perform centralized operation and maintenance control on multiple devices of an enterprise-level data center is a problem to be solved by those skilled in the art.
Disclosure of Invention
In view of the above, the present application aims to provide an operation and maintenance method, an operation and maintenance management platform, a device, and a medium, which can perform centralized operation and maintenance management and control on devices in an enterprise data center, reduce operation and maintenance complexity, and improve operation and maintenance efficiency. The specific scheme is as follows:
In a first aspect, the application discloses an operation and maintenance method applied to an operation and maintenance management platform, comprising the following steps:
acquiring first operation data reported by an EDR centralized management platform in a target network, wherein the first operation data is data collected by an EDR terminal agent deployed on terminal equipment to be monitored in the target network and reported to the EDR centralized management platform;
acquiring second operation data reported by an egress gateway in the target network, wherein the second operation data is data on first network equipment to be monitored in the target network, collected by the egress gateway, and the first network equipment to be monitored is equipment in the target network that communicates indirectly with the operation and maintenance management platform;
and operating and maintaining the equipment in the target network according to the first operation data, the second operation data and a preset alarm rule.
Optionally, the method further comprises:
acquiring third operation data reported by second network equipment to be monitored in the target network, wherein the third operation data is the operation data of the second network equipment to be monitored, which is acquired by the second network equipment to be monitored, and the second network equipment to be monitored is equipment which is in direct communication with the operation and maintenance management platform;
correspondingly, the operation and maintenance of the device in the target network according to the first operation data, the second operation data and the preset alarm rule specifically includes:
and carrying out operation and maintenance on the equipment in the target network according to the first operation data, the second operation data, the third operation data and a preset alarm rule.
Optionally, the operating the device in the target network according to the first operation data, the second operation data, the third operation data and a preset alarm rule includes:
alarming equipment in the target network according to the first operation data, the second operation data, the third operation data and a preset alarming rule;
and carrying out statistical analysis on the first operation data, the second operation data and/or the third operation data, and carrying out visual display on a statistical analysis result.
Optionally, the alarming the device in the target network according to the first operation data, the second operation data, the third operation data and a preset alarming rule includes:
analyzing the first operation data, the second operation data and the third operation data to obtain target information;
determining user information according to the target information and determining a target alarm rule from preset alarm rules;
judging whether the first operation data, the second operation data and the third operation data meet the alarm conditions in the target alarm rule or not;
if so, initiating a corresponding alarm according to the user information.
Optionally, before the corresponding alarm is initiated according to the user information, the method further includes:
if the first operation data, the second operation data and/or the third operation data meet the alarm conditions in the target alarm rules, determining whether the first operation data, the second operation data and/or the third operation data meet the alarm suppression rules in the target alarm rules according to the historical alarm data stored in a database;
and if the first operation data, the second operation data and/or the third operation data do not meet the alarm suppression rule in the target alarm rule, initiating a corresponding alarm according to the user information.
Optionally, before acquiring the reported first operation data and the reported second operation data, the method further includes:
acquiring a pre-configured monitoring strategy and the alarm rule, wherein the monitoring strategy comprises a monitoring data type and a data acquisition interval;
and issuing the monitoring strategy to the EDR centralized management platform and the export gateway so that the EDR centralized management platform issues the monitoring strategy to an EDR terminal agent corresponding to the EDR centralized management platform.
Optionally, the issuing the monitoring policy to the EDR centralized management platform and the egress gateway includes:
issuing the monitoring strategy respectively to a first SDK data acquisition plug-in of the EDR centralized management platform and a second SDK data acquisition plug-in of the egress gateway, so that the second SDK data acquisition plug-in of the egress gateway can acquire the data on the first network device to be monitored according to the monitoring strategy and the Simple Network Management Protocol.
In a second aspect, the present application discloses an operation and maintenance management platform, including:
the system comprises a first data acquisition module, a second data acquisition module and a data processing module, wherein the first data acquisition module is used for acquiring first operation data reported by an EDR centralized management platform in a target network, wherein the first operation data is data acquired by an EDR terminal agent deployed on terminal equipment to be monitored in the target network and reported to the EDR centralized management platform;
the second data acquisition module is used for acquiring second operation data reported by an outlet gateway in the target network, wherein the second operation data are data on first network equipment to be monitored in the target network acquired by the outlet gateway, and the first network equipment to be monitored is equipment indirectly communicated with the operation and maintenance management platform in the target network;
And the operation and maintenance module is used for operating and maintaining the equipment in the target network according to the first operation data, the second operation data and a preset alarm rule.
In a third aspect, the present application discloses an electronic device, comprising:
a memory and a processor;
wherein the memory is used for storing a computer program;
the processor is configured to execute the computer program to implement the foregoing disclosed operation and maintenance method.
In a fourth aspect, the present application discloses a computer readable storage medium for storing a computer program, wherein the computer program when executed by a processor implements the previously disclosed method of operation and maintenance.
In the present application, the operation and maintenance management platform acquires first operation data reported by an EDR centralized management platform in a target network, the first operation data being data collected by an EDR terminal agent deployed on terminal equipment to be monitored in the target network and reported to the EDR centralized management platform. It also acquires second operation data reported by an egress gateway in the target network, the second operation data being data on first network equipment to be monitored in the target network, collected by the egress gateway, where the first network equipment to be monitored is equipment in the target network that communicates indirectly with the operation and maintenance management platform. The equipment in the target network can then be operated and maintained according to the first operation data, the second operation data and a preset alarm rule. In this way, the operation and maintenance management platform directly obtains the operation data that the EDR terminal agents collect on the terminal equipment to be monitored and that the EDR centralized management platform uploads, which achieves data acquisition for the terminal equipment to be monitored in the target network. The operation data on the first network equipment to be monitored is collected through the egress gateway and then uploaded by the egress gateway to the operation and maintenance management platform, which achieves data acquisition for the first network equipment to be monitored that cannot communicate directly with the operation and maintenance management platform. The operation and maintenance management platform can then manage the equipment in the target network according to the acquired operation data and the preset alarm rule. The platform thus performs centralized operation and maintenance management of each piece of equipment in the target network, which reduces operation and maintenance complexity and improves operation and maintenance efficiency.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only embodiments of the present application, and that other drawings can be obtained according to the provided drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of an operation and maintenance method disclosed by the application;
FIG. 2 is a schematic diagram illustrating a portion of a specific operation and maintenance platform according to the present application for data acquisition;
FIG. 3 is a flowchart of a specific operation and maintenance method disclosed in the present application;
FIG. 4 is a schematic diagram of a monitoring policy issuing scheme disclosed in the present application;
FIG. 5 is a schematic diagram illustrating a portion of a specific operation and maintenance platform for data acquisition according to the present application;
FIG. 6 is a flow chart of an alarm disclosed in the present application;
FIG. 7 is an overall frame diagram of an operation and maintenance method of the present disclosure;
FIG. 8 is a schematic diagram of an operation and maintenance management platform according to the present application;
FIG. 9 is a schematic structural diagram of an electronic device according to the present disclosure.
Detailed Description
The following description of the embodiments of the present application will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
Referring to fig. 1, an embodiment of the present application discloses an operation and maintenance method, which is applied to an operation and maintenance management platform, and the method includes:
Step S11: acquiring first operation data reported by an EDR centralized management platform in a target network, wherein the first operation data is data collected by an EDR terminal agent deployed on terminal equipment to be monitored in the target network and reported to the EDR centralized management platform.
In a specific implementation, the operation and maintenance management platform is used for performing centralized operation and maintenance management and control on the devices in the target network, wherein the target network can be an enterprise-level intranet.
The terminal equipment to be monitored can be connected to the operation and maintenance management platform through an EDR terminal agent and an EDR centralized management platform. The terminal equipment to be monitored is generally terminal equipment running Linux or Windows.
An EDR (Endpoint Detection and Response) terminal agent (Agent) can be deployed on each piece of terminal equipment to be monitored. The EDR terminal agents are managed through an EDR centralized management platform (MGR), and the EDR centralized management platform is in turn connected to the operation and maintenance management platform, so that the terminal equipment to be monitored is connected to the operation and maintenance management platform. There can be multiple pieces of terminal equipment to be monitored, so one EDR centralized management platform can correspond to a plurality of EDR terminal agents.
Therefore, the EDR terminal agent can collect first operation data on the terminal equipment to be monitored, report the first operation data to the EDR centralized management platform, and report the first operation data to the operation and maintenance management platform by the EDR centralized management platform, so that the operation and maintenance management platform can acquire the first operation data reported by the EDR centralized management platform.
Referring to fig. 2, a schematic diagram of a portion of the operation and maintenance management platform for data acquisition is shown. Firstly, each EDR terminal agent (EDR 1, EDR2 and EDR 3) collects operation data on corresponding terminal equipment to be monitored, then the collected operation data is reported to an EDR centralized management platform, and then the EDR centralized management platform reports the operation data to an operation and maintenance management platform.
Step S12: acquiring second operation data reported by an egress gateway in the target network, wherein the second operation data is data on first network equipment to be monitored in the target network, collected by the egress gateway, and the first network equipment to be monitored is equipment in the target network that communicates indirectly with the operation and maintenance management platform.
The target network also contains first network equipment to be monitored that cannot communicate directly with the operation and maintenance management platform. For this equipment, the second operation data can be collected through an egress gateway. The egress gateway is typically a network egress-level firewall, i.e. an external firewall connecting the target network and the internet. The first network device to be monitored is an AC (Access Controller), an AF (Application Firewall), an AD, or the like, deployed in the network.
Therefore, the second operation data on the first network equipment to be monitored in the target network can be collected by the egress gateway, and the collected second operation data is reported to the operation and maintenance management platform, so that the operation and maintenance management platform needs to obtain the second operation data reported by the egress gateway.
Step S13: operating and maintaining the equipment in the target network according to the first operation data, the second operation data and a preset alarm rule.
It can be understood that after the operation and maintenance management platform obtains the first operation data and the second operation data, the operation and maintenance can be performed on the devices in the target network according to the first operation data, the second operation data and the preset alarm rule.
Specifically, alarms can be raised for devices in the target network according to the first operation data, the second operation data and a preset alarm rule, and the first operation data and the second operation data can be statistically analyzed, visually displayed, persisted to storage, and the like.
That is, the operating condition of the equipment in the target network is determined according to the first operation data and the second operation data. When a device in the target network operates abnormally, a corresponding alarm is sent. The acquired operation data is also statistically analyzed, visually displayed and persisted to storage, so that operation and maintenance personnel can see the operating condition of the equipment in the target network at a glance, and later operations such as equipment performance analysis can be performed on the stored operation data.
Referring to fig. 3, an embodiment of the present application discloses a specific operation and maintenance method, which is applied to an operation and maintenance management platform, and the method includes:
Step S21: acquiring a pre-configured monitoring strategy and an alarm rule, wherein the monitoring strategy comprises a monitoring data type and a data acquisition interval.
In practical application, a pre-configured monitoring policy and the alarm rule need to be acquired. The monitoring policy comprises a monitoring data type and a data acquisition interval. The alarm rule comprises an alarm condition and an alarm suppression rule. The alarm condition specifies what condition the operation data must meet for an alarm to be raised, and comprises an alarm threshold value and the like. The alarm suppression rule specifies the maximum number of times the same alarm is sent, the alarm frequency, and the like.
Specifically, the operation and maintenance management platform provides a policy configuration interface to support user-defined monitoring data types, alarm thresholds, data acquisition intervals and the like of the terminal equipment. Therefore, a pre-configured monitoring policy and an alarm rule need to be acquired first, so that data acquisition can be performed according to the monitoring policy, whether the operation of the equipment in the target network is abnormal or not can be judged according to the alarm rule, and corresponding alarm and the like are performed on the equipment with abnormal operation.
Step S22: issuing the monitoring strategy to an EDR centralized management platform and an egress gateway, so that the EDR centralized management platform issues the monitoring strategy to the EDR terminal agents corresponding to the EDR centralized management platform.
It can be understood that after the monitoring policy and the alarm rule are obtained, the monitoring policy needs to be issued to the EDR centralized management platform and the egress gateway, so that the EDR centralized management platform issues the monitoring policy to its corresponding EDR terminal agents, and the EDR terminal agents and the egress gateway can collect data according to the received monitoring policy.
Specifically, the monitoring policy is issued respectively to a first SDK (Software Development Kit) data acquisition plug-in of the EDR centralized management platform and a second SDK data acquisition plug-in of the egress gateway, so that the second SDK data acquisition plug-in of the egress gateway acquires data on the first network device to be monitored according to the monitoring policy and the Simple Network Management Protocol (SNMP).
That is, the egress gateway and the EDR centralized management platform are both provided with SDK data acquisition plug-ins, and the operation and maintenance management platform can issue the monitoring policy directly to the first SDK data acquisition plug-in of the EDR centralized management platform and the second SDK data acquisition plug-in of the egress gateway. The second SDK data acquisition plug-in of the egress gateway can then collect data on the first network device to be monitored according to the monitoring policy and SNMP.
Referring to fig. 4, a schematic diagram of monitoring policy issuing is shown. The cloud icon in the figure is the operation and maintenance management platform. The operation and maintenance management platform transmits the monitoring policy respectively to the egress gateway (AF, Application Firewall) and the EDR centralized management platform. The EDR centralized management platform transmits the received monitoring policy to the corresponding EDR terminal agents, and the EDR terminal agents can acquire data according to the monitoring policy. After receiving the monitoring policy, the SDK data acquisition plug-in of the egress gateway can also collect data on the first network device to be monitored according to the monitoring policy and SNMP.
Step S23: and acquiring first operation data reported by an EDR centralized management platform in a target network, wherein the first operation data is data collected by an EDR terminal agent deployed on terminal equipment to be monitored in the target network and reported to the EDR centralized management platform.
After the EDR terminal agent acquires the monitoring strategy, the EDR terminal agent can acquire first operation data of a corresponding type according to the type of the monitoring data in the monitoring strategy, acquire the first operation data according to the data acquisition interval in the monitoring strategy, upload the acquired data to the EDR centralized management platform, and the EDR centralized management platform can report the first operation data acquired in real time to the operation and maintenance management platform, so that the operation and maintenance management platform needs to acquire the first operation data reported by the EDR centralized management platform.
Specifically, the operation and maintenance management platform acquires the first operation data reported by the EDR centralized management platform in the target network through a local Kafka, and stores the first operation data into a local ES database. Kafka is a high-throughput distributed publish-subscribe messaging system that can handle all action stream data of consumers in a website. ES (ElasticSearch) is a distributed document database in which each field can be indexed and the data for each field can be searched.
Step S24: acquiring second operation data reported by an egress gateway in the target network, wherein the second operation data is data on first network equipment to be monitored in the target network, collected by the egress gateway, and the first network equipment to be monitored is equipment in the target network that communicates indirectly with the operation and maintenance management platform.
Correspondingly, after receiving the monitoring policy, the egress gateway can collect second operation data on the first network device to be monitored through SNMP according to the monitoring policy, and report the collected second operation data to the operation and maintenance management platform, so that the operation and maintenance management platform needs to obtain the second operation data reported by the egress gateway.
Specifically, the operation and maintenance management platform acquires the second operation data reported by the egress gateway in the target network through the local Kafka, and stores the second operation data into the local ES database. That is, the operation and maintenance management platform obtains the operation data through Kafka and stores the obtained operation data in the ES database, so Kafka serves as the data channel and can buffer the data.
Step S25: acquiring third operation data reported by second network equipment to be monitored in the target network, wherein the third operation data is the second network equipment's own operation data, collected by the second network equipment to be monitored itself, and the second network equipment to be monitored is equipment that communicates directly with the operation and maintenance management platform.
The target network further comprises second network equipment to be monitored, which can communicate directly with the operation and maintenance management platform. The second network equipment to be monitored can collect its own operation data and report it to the operation and maintenance management platform as third operation data, so that the operation and maintenance management platform needs to obtain the third operation data reported by the second network equipment to be monitored in the target network. The second network device to be monitored is also an AD, AC, AF or the like. The second network device to be monitored may also be the egress gateway, that is, the egress gateway may collect its own operation data and report it to the operation and maintenance management platform.
When the egress gateway is an egress firewall, the second network equipment to be monitored is a firewall. Fig. 5 is a schematic diagram of a portion of the operation and maintenance management platform for data acquisition. The egress firewall (firewall 1) may collect operation data on a plurality of data communication devices (i.e., a plurality of first network devices to be monitored). After the egress firewall (firewall 1) collects the operation data from the corresponding data communication devices, it reports the collected operation data to the operation and maintenance management platform, so that the operation and maintenance management platform can acquire the operation data reported by the egress gateway. Firewalls 2 and 3 are second network equipment to be monitored, and need to report their own operation data to the operation and maintenance management platform.
Step S26: and carrying out operation and maintenance on the equipment in the target network according to the first operation data, the second operation data, the third operation data and a preset alarm rule.
After the first operation data, the second operation data and the third operation data are obtained, operation and maintenance are required to be performed on the equipment in the target network according to the first operation data, the second operation data, the third operation data and a preset alarm rule.
Specifically, the operation condition of the device in the target network needs to be determined according to the first operation data, the second operation data, the third operation data and a preset alarm rule, and when the operation condition of the device is abnormal, a corresponding alarm is raised.
In a specific implementation process, the first operation data, the second operation data and the third operation data may be analyzed first to obtain target information; determining user information according to the target information and determining a target alarm rule from preset alarm rules; judging whether the first operation data, the second operation data and the third operation data meet the alarm conditions in the target alarm rule or not; if yes, a corresponding alarm is initiated according to the user information. Wherein the target information includes device information and a data type. The user information comprises the contact information of the user during alarming, such as user WeChat and the like, and the target information is information of monitored equipment in the target network.
That is, the first operation data, the second operation data and the third operation data need to be analyzed first to obtain corresponding device information and data types, and then user information can be determined according to the device information and the data types, and a target alarm rule can be determined from preset alarm rules. In practical application, the alarm rules corresponding to different devices and different data are generally different, so that corresponding device information and data types are needed to be obtained first, then the target alarm rule is determined according to the device information and the data types, and therefore when an alarm is carried out according to the target alarm rule, the number of false alarms can be reduced, and the alarm accuracy is improved.
After the target alarm rule is determined, whether the equipment is abnormal or not can be determined by judging whether the first operation data, the second operation data and the third operation data meet the alarm conditions in the target alarm rule, when the alarm conditions in the target alarm rule are met, the corresponding equipment is indicated to be abnormal, and corresponding alarm can be initiated according to the user information.
In practical application, in order to prevent the same alarm of the same device from being initiated many times in succession or too frequently, the alarm rule may include an alarm suppression rule, which limits the number of alarms and the time interval between alarms for the same alarm of the same device.
When the alarm rule includes an alarm suppression rule, after the first operation data, the second operation data and the third operation data meet the alarm condition in the target alarm rule, before initiating a corresponding alarm according to the user information, the method further includes: if the first operation data, the second operation data and/or the third operation data meet the alarm conditions in the target alarm rules, determining whether the first operation data, the second operation data and/or the third operation data meet the alarm suppression rules in the target alarm rules according to the historical alarm data stored in a database; and if the first operation data, the second operation data and/or the third operation data do not meet the alarm suppression rule in the target alarm rule, an alarm is initiated according to the user information.
For example, after the first operation data, the second operation data and/or the third operation data meet the alarm conditions in the target alarm rule, it is judged whether the number of times the current alarm has been sent to the user within a past preset period is greater than or equal to a preset alarm number threshold, and if not, a corresponding alarm is initiated according to the user information. Alternatively, after the first operation data, the second operation data and/or the third operation data meet the alarm conditions in the target alarm rule, it is judged whether the time elapsed since the same alarm was last sent to the user is smaller than a preset time interval, and if not, a corresponding alarm is initiated according to the user information.
Referring to fig. 6, an alarm flow chart is shown. When a piece of operation and maintenance data is read from Kafka, the data is parsed to obtain the equipment information and data type, and the user information and alarm setting (namely the target alarm rule) are acquired according to the equipment information and data type. Data meeting the alarm conditions within the alarm period is then read from the historical data to determine whether the current operation and maintenance data meets the alarm conditions. If so, the number of times this class of alarm information has been pushed to the user within a certain period is acquired, and it is judged whether the number of pushes reaches the alarm limit. If not, the alarm count is recorded, the alarm information is pushed, and the alarm-related data is stored in the database.
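The alarm flow of step S26 and fig. 6, sketched as an added Python example that is not code from the patent: each report is parsed, the rule is chosen by device type and data type, the alarm condition is checked against recent history, and suppression is applied before anything is pushed. The JSON field names, the rule values and the in-memory history (standing in for Kafka and the database) are assumptions, and the sketch applies both suppression limits together although the text presents them as alternatives.

```python
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class AlarmRule:
    threshold: float        # alarm condition: a sample breaches when value >= threshold
    period_s: int           # alarm period over which breaches are counted
    min_breaches: int       # breaches required inside the period to raise an alarm
    max_pushes: int         # suppression: maximum pushes inside suppress_window_s
    suppress_window_s: int
    min_interval_s: int     # suppression: minimum gap between two identical alarms
    contact: str            # user information used when pushing the alarm


# Constructed rule table keyed by (device type, data type); values are illustrative.
RULES = {
    ("firewall", "cpu_usage"): AlarmRule(90.0, 300, 2, 2, 3600, 600, "ops-oncall"),
}


class AlarmEngine:
    def __init__(self, rules):
        self.rules = rules
        self.breaches = {}  # (device_id, data_type) -> breach timestamps
        self.pushes = {}    # (device_id, data_type) -> push timestamps (historical alarm data)
        self.sent = []      # alarms that would be pushed to the user

    def process(self, raw):
        """Evaluate one reported record and return the decision taken."""
        try:
            rec = json.loads(raw)
            rule_key = (rec["device_type"], rec["data_type"])
            dev_key = (rec["device_id"], rec["data_type"])
            ts, value = float(rec["ts"]), float(rec["value"])
        except (ValueError, KeyError, TypeError):
            return "malformed"  # a bad report must not stall the consumer
        rule = self.rules.get(rule_key)
        if rule is None:
            return "no_rule"
        if value < rule.threshold:
            return "ok"
        # Alarm condition: enough breaches inside the alarm period.
        hist = [t for t in self.breaches.get(dev_key, []) if ts - t < rule.period_s]
        hist.append(ts)
        self.breaches[dev_key] = hist
        if len(hist) < rule.min_breaches:
            return "pending"
        # Suppression: push count within the window, then minimum interval.
        pushes = [t for t in self.pushes.get(dev_key, [])
                  if ts - t < rule.suppress_window_s]
        if len(pushes) >= rule.max_pushes:
            return "suppressed_count"
        if pushes and ts - pushes[-1] < rule.min_interval_s:
            return "suppressed_interval"
        pushes.append(ts)
        self.pushes[dev_key] = pushes
        self.sent.append((rule.contact, rec["device_id"], rec["data_type"], value, ts))
        return "alarm"


def _msg(ts, value, device_id="fw-2", device_type="firewall"):
    """Build one constructed report in the assumed JSON layout."""
    return json.dumps({"device_id": device_id, "device_type": device_type,
                       "data_type": "cpu_usage", "value": value, "ts": ts})


# Constructed sample reports (not real telemetry).
SAMPLE = [_msg(0, 95), _msg(60, 96), _msg(120, 97), _msg(700, 98), _msg(760, 98),
          _msg(1400, 99), _msg(1460, 99), _msg(1500, 50),
          _msg(1500, 99, "sw-9", "switch"), "not-json"]


def run_sample():
    """Feed the constructed reports through a fresh engine."""
    engine = AlarmEngine(RULES)
    return [engine.process(m) for m in SAMPLE], engine.sent


if __name__ == "__main__":
    decisions, sent = run_sample()
    for decision in decisions:
        print(decision)
    print(sent)
```

Keying the push history by device and data type is what keeps one noisy device from consuming another device's alarm budget.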
Step S27: perform statistical analysis on the first operation data, the second operation data and/or the third operation data, and display the statistical analysis result visually.
In practical application, the first operation data, the second operation data and/or the third operation data can be subjected to statistical analysis, and the statistical analysis result is subjected to visual display, so that operation and maintenance personnel can know the operation condition of equipment in the target network and perform equipment maintenance.
Referring to fig. 7, an overall framework diagram of the operation and maintenance method is shown. The operation and maintenance management platform provides a preset interface through which a user configures monitoring strategies and the like. A strategy management part in the operation and maintenance management platform then issues the monitoring strategies to the corresponding equipment, which includes the egress gateway and equipment provided with an EDR terminal agent. The corresponding equipment collects operation data according to the monitoring strategies and reports the collected data to the Kafka of the operation and maintenance management platform. The operation data can also be stored as alarm data in an ES database and transmitted to an alarm module in the operation and maintenance management platform for alarm analysis and for sending the corresponding alarm information, and the alarm data is transmitted to a data display part in the operation and maintenance management platform for statistical analysis and visual display.
Referring to fig. 8, an embodiment of the present application discloses an operation and maintenance management platform, which includes:
the first data acquisition module 11 is configured to acquire first operation data reported by an EDR centralized management platform in a target network, where the first operation data is data acquired by an EDR terminal agent deployed on terminal equipment to be monitored in the target network and reported to the EDR centralized management platform;
The second data acquisition module 12 is configured to obtain second operation data reported by an egress gateway in the target network, where the second operation data is data on a first network device to be monitored in the target network acquired by the egress gateway, and the first network device to be monitored is a device in the target network that indirectly communicates with the operation and maintenance management platform;
and the operation and maintenance module 13 is configured to perform operation and maintenance on the devices in the target network according to the first operation data, the second operation data and a preset alarm rule.
First operation data reported by an EDR centralized management platform in a target network is acquired, where the first operation data is data collected by an EDR terminal agent deployed on terminal equipment to be monitored in the target network and reported to the EDR centralized management platform. Second operation data reported by an egress gateway in the target network is also acquired, where the second operation data is data on first network equipment to be monitored in the target network collected by the egress gateway, and the first network equipment to be monitored is equipment in the target network that communicates indirectly with the operation and maintenance management platform. Operation and maintenance can then be performed on the equipment in the target network according to the first operation data, the second operation data and the preset alarm rules. In this way, the operation and maintenance management platform directly acquires the operation data that the EDR terminal agent collects on the terminal equipment to be monitored and that the EDR centralized management platform uploads, which achieves data acquisition for the terminal equipment to be monitored in the target network. The operation data on the first network equipment to be monitored is collected through the egress gateway and then uploaded by the egress gateway to the operation and maintenance management platform, which achieves data acquisition for the first network equipment to be monitored that cannot communicate directly with the operation and maintenance management platform. The operation and maintenance management platform can then perform operation and maintenance management on the equipment in the target network according to the acquired operation data and the preset alarm rule, so that it manages each piece of equipment in the target network centrally, reducing operation and maintenance complexity and improving operation and maintenance efficiency.
Further, the operation and maintenance device further includes:
the third data acquisition module is used for acquiring third operation data reported by second network equipment to be monitored in the target network, wherein the third operation data are the operation data of the second network equipment to be monitored, which are acquired by the second network equipment to be monitored, and the second network equipment to be monitored are equipment which is in direct communication with the operation and maintenance management platform;
accordingly, the operation and maintenance module 13 is configured to: and carrying out operation and maintenance on the equipment in the target network according to the first operation data, the second operation data, the third operation data and a preset alarm rule.
Further, the operation and maintenance module 13 is configured to:
alarming equipment in the target network according to the first operation data, the second operation data, the third operation data and a preset alarming rule;
and carrying out statistical analysis on the first operation data, the second operation data and/or the third operation data, and carrying out visual display on a statistical analysis result.
Further, the operation and maintenance module 13 is configured to:
analyzing the first operation data, the second operation data and the third operation data to obtain target information;
Determining user information according to the target information and determining a target alarm rule from preset alarm rules;
judging whether the first operation data, the second operation data and the third operation data meet the alarm conditions in the target alarm rule or not;
if yes, corresponding alarm is initiated according to the user information.
Further, the operation and maintenance module 13 is configured to:
when the first operation data, the second operation data and/or the third operation data meet the alarm conditions in the target alarm rules, determining whether the first operation data, the second operation data and/or the third operation data meet the alarm suppression rules in the target alarm rules according to the historical alarm data stored in a database;
and if the first operation data, the second operation data and/or the third operation data do not meet the alarm suppression rule in the target alarm rule, initiating a corresponding alarm according to the user information.
Specifically, the operation and maintenance management platform further comprises:
the strategy acquisition module is used for acquiring a pre-configured monitoring strategy and the alarm rule, wherein the monitoring strategy comprises a monitoring data type and a data acquisition interval;
And the policy issuing module is used for issuing the monitoring policy to the EDR centralized management platform and the export gateway so that the EDR centralized management platform issues the monitoring policy to an EDR terminal agent corresponding to the EDR centralized management platform.
Specifically, the policy issuing module is configured to:
and respectively issuing the monitoring strategy to a first SDK data acquisition plug-in of the EDR centralized management platform and a second SDK data acquisition plug-in of the egress gateway, so that the second SDK data acquisition plug-in in the egress gateway can acquire the data on the first network device to be monitored according to the monitoring strategy and the Simple Network Management Protocol.
Referring to fig. 9, a schematic structural diagram of an electronic device 20 according to an embodiment of the present application is shown, where the electronic device 20 can implement the operation and maintenance method disclosed in the foregoing embodiment.
Generally, the electronic apparatus 20 in the present embodiment includes: a processor 21 and a memory 22.
Processor 21 may include one or more processing cores, such as a four-core processor, an eight-core processor, or the like. The processor 21 may be implemented using at least one hardware form selected from DSP (digital signal processing), FPGA (field-programmable gate array) and PLA (programmable logic array). The processor 21 may also include a main processor and a coprocessor: the main processor, also called a CPU (central processing unit), processes data in the awake state, and the coprocessor is a low-power processor that processes data in the standby state. In some embodiments, the processor 21 may be integrated with a GPU (graphics processing unit) responsible for rendering and drawing the images that the display screen is required to display. In some embodiments, the processor 21 may include an AI (artificial intelligence) processor for processing computing operations related to machine learning.
Memory 22 may include one or more computer-readable storage media, which may be non-transitory. Memory 22 may also include high-speed random access memory, as well as non-volatile memory, such as one or more magnetic disk storage devices, flash memory storage devices. In this embodiment, the memory 22 is at least used for storing a computer program 221, which, when loaded and executed by the processor 21, is capable of implementing the operation and maintenance method steps disclosed in any of the foregoing embodiments.
In some embodiments, the electronic device 20 may further include a display screen 23, an input-output interface 24, a communication interface 25, a sensor 26, a power supply 27, and a communication bus 28.
It will be appreciated by those skilled in the art that the structure shown in fig. 9 is not limiting of the electronic device 20 and may include more or fewer components than shown.
Further, the embodiment of the application also discloses a computer readable storage medium for storing a computer program, wherein the computer program is executed by a processor to implement the operation and maintenance method disclosed in any of the previous embodiments.
The specific process of the operation and maintenance method may refer to the corresponding content disclosed in the foregoing embodiment, and will not be described herein.
In this specification, the embodiments are described in a progressive manner, each embodiment focuses on its differences from the other embodiments, and the same or similar parts of the embodiments can be referred to one another. Since the device disclosed in the embodiment corresponds to the method disclosed in the embodiment, its description is relatively brief, and the relevant points can be found in the description of the method section.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. The software modules may be disposed in random access memory (RAM), memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
Finally, it is further noted that relational terms such as first and second are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in the process, method, article, or apparatus that comprises the element.
The foregoing describes in detail an operation and maintenance method, an operation and maintenance management platform, an apparatus, and a medium, and specific examples are applied to illustrate the principles and embodiments of the present application, and the description of the foregoing examples is only used to help understand the method and core idea of the present application; meanwhile, as those skilled in the art will have variations in the specific embodiments and application scope in accordance with the ideas of the present application, the present description should not be construed as limiting the present application in view of the above.
Claims (10)
1. An operation and maintenance method is applied to an operation and maintenance management platform, and comprises the following steps:
acquiring first operation data reported by an EDR centralized management platform in a target network, wherein the first operation data is data collected by an EDR terminal agent deployed on terminal equipment to be monitored in the target network and reported to the EDR centralized management platform;
acquiring second operation data reported by an outlet gateway in the target network, wherein the second operation data are data on first network equipment to be monitored in the target network acquired by the outlet gateway, and the first network equipment to be monitored is equipment indirectly communicated with the operation and maintenance management platform in the target network;
And operating and maintaining the equipment in the target network according to the first operation data, the second operation data and a preset alarm rule.
2. The operation and maintenance method according to claim 1, further comprising:
acquiring third operation data reported by second network equipment to be monitored in the target network, wherein the third operation data is the operation data of the second network equipment to be monitored, which is acquired by the second network equipment to be monitored, and the second network equipment to be monitored is equipment which is in direct communication with the operation and maintenance management platform;
correspondingly, the operation and maintenance of the device in the target network according to the first operation data, the second operation data and the preset alarm rule specifically includes:
and carrying out operation and maintenance on the equipment in the target network according to the first operation data, the second operation data, the third operation data and a preset alarm rule.
3. The operation and maintenance method according to claim 2, wherein the operation and maintenance of the device in the target network according to the first operation data, the second operation data, the third operation data, and a preset alarm rule includes:
Alarming equipment in the target network according to the first operation data, the second operation data, the third operation data and a preset alarming rule;
and carrying out statistical analysis on the first operation data, the second operation data and/or the third operation data, and carrying out visual display on a statistical analysis result.
4. The operation and maintenance method according to claim 3, wherein the alerting the device in the target network according to the first operation data, the second operation data, the third operation data, and a preset alerting rule comprises:
analyzing the first operation data, the second operation data and the third operation data to obtain target information;
determining user information according to the target information and determining a target alarm rule from preset alarm rules;
judging whether the first operation data, the second operation data and the third operation data meet the alarm conditions in the target alarm rule or not;
if yes, corresponding alarm is initiated according to the user information.
5. The operation and maintenance method according to claim 4, wherein before the corresponding alert is initiated according to the user information, further comprising:
If the first operation data, the second operation data and/or the third operation data meet the alarm conditions in the target alarm rules, determining whether the first operation data, the second operation data and/or the third operation data meet the alarm suppression rules in the target alarm rules according to the historical alarm data stored in a database;
and if the first operation data, the second operation data and/or the third operation data do not meet the alarm suppression rule in the target alarm rule, initiating a corresponding alarm according to the user information.
6. The operation and maintenance method according to any one of claims 1 to 5, further comprising, before acquiring the reported first operation data and the reported second operation data:
acquiring a pre-configured monitoring strategy and the alarm rule, wherein the monitoring strategy comprises a monitoring data type and a data acquisition interval;
and issuing the monitoring strategy to the EDR centralized management platform and the export gateway so that the EDR centralized management platform issues the monitoring strategy to an EDR terminal agent corresponding to the EDR centralized management platform.
7. The operation and maintenance method according to claim 6, wherein said issuing the monitoring policy to the EDR centralized management platform and the egress gateway comprises:
and respectively issuing the monitoring strategy to a first SDK data acquisition plug-in of the EDR centralized management platform and a second SDK data acquisition plug-in of the egress gateway, so that the second SDK data acquisition plug-in in the egress gateway can acquire the data on the first network device to be monitored according to the monitoring strategy and the Simple Network Management Protocol.
8. An operation and maintenance management platform, comprising:
the first data acquisition module is used for acquiring first operation data reported by an EDR centralized management platform in a target network, wherein the first operation data is data acquired by an EDR terminal agent deployed on terminal equipment to be monitored in the target network and reported to the EDR centralized management platform;
the second data acquisition module is used for acquiring second operation data reported by an outlet gateway in the target network, wherein the second operation data are data on first network equipment to be monitored in the target network acquired by the outlet gateway, and the first network equipment to be monitored is equipment indirectly communicated with the operation and maintenance management platform in the target network;
And the operation and maintenance module is used for operating and maintaining the equipment in the target network according to the first operation data, the second operation data and a preset alarm rule.
9. An electronic device, comprising:
a memory and a processor;
wherein the memory is used for storing a computer program;
the processor for executing the computer program to implement the operation and maintenance method of any one of claims 1 to 7.
10. A computer readable storage medium for storing a computer program, wherein the computer program when executed by a processor implements the operation and maintenance method according to any one of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011310314.3A CN112532435B (en) | 2020-11-20 | 2020-11-20 | Operation and maintenance method, operation and maintenance management platform, equipment and medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011310314.3A CN112532435B (en) | 2020-11-20 | 2020-11-20 | Operation and maintenance method, operation and maintenance management platform, equipment and medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112532435A (en) | 2021-03-19 |
CN112532435B (en) | 2023-09-08 |
Family
ID=74981968
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011310314.3A Active CN112532435B (en) | 2020-11-20 | 2020-11-20 | Operation and maintenance method, operation and maintenance management platform, equipment and medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112532435B (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113905407B (en) * | 2021-06-29 | 2023-12-15 | 苏州亿尔奇信息科技有限公司 | Terminal equipment monitoring information acquisition method and system in distributed wireless networking |
CN114143077B (en) * | 2021-11-29 | 2023-11-10 | 北京天融信网络安全技术有限公司 | Terminal safety protection method and device |
CN115834434B (en) * | 2023-02-07 | 2024-01-26 | 阿里巴巴(中国)有限公司 | Network device control method, control server, proxy device and communication network |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102185716A (en) * | 2011-05-05 | 2011-09-14 | 广东天波信息技术股份有限公司 | Universal management method and system for communication equipment |
CN107612761A (en) * | 2017-11-06 | 2018-01-19 | 成都西加云杉科技有限公司 | Network equipment alarm method and alarm management device |
CN111026621A (en) * | 2019-12-23 | 2020-04-17 | 杭州安恒信息技术股份有限公司 | Monitoring alarm method, device, equipment and medium for Elasticissearch cluster |
Also Published As
Publication number | Publication date |
---|---|
CN112532435A (en) | 2021-03-19 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||