CN112597179A - Log information analysis method and device - Google Patents
Log information analysis method and device Download PDFInfo
- Publication number
- CN112597179A CN112597179A CN202110232334.1A CN202110232334A CN112597179A CN 112597179 A CN112597179 A CN 112597179A CN 202110232334 A CN202110232334 A CN 202110232334A CN 112597179 A CN112597179 A CN 112597179A
- Authority
- CN
- China
- Prior art keywords
- log
- log information
- field
- service system
- modification
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/23—Updating
- G06F16/2358—Change logging, detection, and notification
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/3065—Monitoring arrangements determined by the means or processing involved in reporting the monitored data
- G06F11/3072—Monitoring arrangements determined by the means or processing involved in reporting the monitored data where the reporting involves data filtering, e.g. pattern matching, time or event triggered, adaptive or policy-based reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2201/00—Indexing scheme relating to error detection, to error correction, and to monitoring
- G06F2201/80—Database-specific techniques
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Data Mining & Analysis (AREA)
- Databases & Information Systems (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Quality & Reliability (AREA)
- Debugging And Monitoring (AREA)
Abstract
The invention discloses a log information analysis method and a device, wherein the method comprises the following steps: acquiring log information of each service system; analyzing the log content of the corresponding log field from the log information of each service system according to each log field pre-configured in the configuration table; and outputting the log content analyzed by each service system. According to the method and the device, the log fields to be analyzed are configured in the configuration table, so that the log fields and the corresponding log contents which execute the modification operation and have different data before and after modification are analyzed from the log information of each service system, different log analysis codes do not need to be developed for different service systems, the log contents which execute the modification operation can be quickly analyzed from a large amount of original log information recorded by the service systems, the analysis of useless log information is avoided, and the log analysis efficiency is greatly improved.
Description
Technical Field
The invention relates to the technical field of software development, in particular to a log information analysis method and device.
Background
This section is intended to provide a background or context to the embodiments of the invention that are recited in the claims. The description herein is not admitted to be prior art by inclusion in this section.
And generating a system log by the operation of the business system. With the rapid development of services, more and more logs are recorded, and the analysis of the system logs is more and more important. Because the log is information for recording the operation behavior of the user, which operation is performed on the system data by the user can be checked through the analysis of the system log.
Generally, the operation of a user on data in a business system includes: adding, deleting, modifying and inquiring. For query operation, the security of the service system data is often not affected; for add and delete operations, it is easy to discover; for the modification operation, the modification operation is not easy to be found, and the modification operation can be found out by analyzing the log information recorded in the service system. For example, for a certain form in the auditing business system, if a list of data is added or deleted, the data is easy to be found, and if the list of data is modified, the modified data can cover the data before modification, so that the data modification is difficult to be found.
Therefore, how to quickly analyze the log content of the execution modification operation from a large amount of original log information recorded by the business system is a problem to be solved urgently for improving data security of each large business system.
In view of the above problems, no effective solution has been proposed.
Disclosure of Invention
The embodiment of the invention provides a log information analysis method, which is used for quickly analyzing log contents for executing modification operation from a large amount of original log information recorded by a service system, and comprises the following steps: acquiring log information of each service system; analyzing the log content of the log field for executing the modification operation from the log information of each service system according to each log field configured in a configuration table in advance; and outputting the log fields and the corresponding log contents which execute the modification operation and have different data before and after modification.
The embodiment of the present invention further provides a log information parsing apparatus, configured to quickly parse log contents for performing modification operations from a large amount of original log information recorded by a service system, where the apparatus includes: the log acquisition module is used for acquiring log information of each service system; the log analyzing module is used for analyzing the log content of the log field for executing the modification operation from the log information of each service system according to each log field configured in the configuration table in advance; and the log output module is used for outputting different log fields and corresponding log contents of the data before and after modification when modification operation is executed.
The embodiment of the invention also provides computer equipment for quickly analyzing the log content of the modification operation from a large amount of original log information recorded by a service system, wherein the computer equipment comprises a memory, a processor and a computer program which is stored on the memory and can be operated on the processor, and the log information analyzing method is realized when the processor executes the computer program.
The embodiment of the invention also provides a computer readable storage medium for rapidly analyzing the log content of the modification operation from a large amount of original log information recorded by a service system, wherein the computer readable storage medium stores a computer program for executing the log information analysis method.
In the embodiment of the invention, after the log information of each service system is acquired, the log content of the log field for executing the modification operation is analyzed from the log information of each service system according to each log field configured in the configuration table in advance, and then the log fields and the corresponding log contents which execute the modification operation and have different data before and after modification are output.
According to the embodiment of the invention, the log fields to be analyzed are configured in the configuration table, so that the log fields and the corresponding log contents which execute the modification operation and have different data before and after modification are analyzed from the log information of each service system, different log analysis codes do not need to be developed for different service systems, the log contents which execute the modification operation can be quickly analyzed from a large amount of original log information recorded by the service systems, the analysis of useless log information is avoided, and the log analysis efficiency is greatly improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts. In the drawings:
fig. 1 is a flowchart of a log information parsing method provided in an embodiment of the present invention;
fig. 2 is a flowchart illustrating a specific implementation of a method for analyzing log information according to an embodiment of the present invention;
fig. 3 is a schematic diagram of a log information analysis apparatus according to an embodiment of the present invention;
fig. 4 is a schematic diagram of an optional log information parsing apparatus provided in an embodiment of the present invention;
fig. 5 is a schematic diagram of a computer device provided in an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the embodiments of the present invention are further described in detail below with reference to the accompanying drawings. The exemplary embodiments and descriptions of the present invention are provided to explain the present invention, but not to limit the present invention.
Fig. 1 is a flowchart of a log information analysis method provided in an embodiment of the present invention, and as shown in fig. 1, the method includes the following steps:
s101, acquiring log information of each service system.
It should be noted that the log information in the embodiment of the present invention refers to information of a service system recording operations of adding, deleting, modifying, or querying data by a user. The log information obtained in S101 is original log information recorded in each service system, and different service systems may generate log information with different log structures or formats.
In one embodiment, the above S101 may be implemented by the following steps: collecting log information of each service system; and uniformly storing the collected log information into a preset database. The original log information of different service systems is collected and put in storage uniformly, and when the log information is analyzed, the original log information of different service systems can be obtained from a database.
Optionally, a logging rule for logging information storage may be configured in advance, so as to facilitate logging information storage of different service systems.
S102, analyzing the log content of the log field for executing the modification operation from the log information of each service system according to each log field configured in the configuration table in advance.
Before executing the above S102, the log information parsing method provided in the embodiment of the present invention may further include the following steps: configuring one or more log fields in a configuration table; the priority or field type of each log field is configured. By setting the priority, the field type and other modes of each log field in the configuration table, the log analysis at the later stage is facilitated.
Optionally, in the embodiment of the present invention, according to each log field configured in the configuration table in advance, the log content of the log field that performs the addition, deletion, or query operation is analyzed from the log information of each service system, so as to output the log field that performs the addition, deletion, or query operation and the corresponding log content, thereby satisfying more log analysis application scenarios.
In specific implementation, the log information for performing the modification operation may be obtained from each service system, and then each log field configured in the configuration table in advance is matched with the log information for performing the modification operation in each service system, so as to obtain the log content of the log field for performing the modification operation in each service system.
S103, outputting the log fields and the corresponding log contents which execute the modification operation and have different data before and after modification.
In a specific implementation, the step S103 may be implemented by: acquiring a target log field for executing modification operation; acquiring first data of a target log field before modification operation and second data after modification operation; comparing the first data with the second data, and determining different log fields of the data before and after modification; and modifying different log fields of the data before and after modification and corresponding log contents.
Optionally, the parsed content is subjected to integration and summarization, and the log content after integration and summarization is output to a console, a page or an APP.
In the embodiment of the invention, the collected original log information of different service systems is decomposed and matched with the log fields configured in advance in the configuration table, so that the log content of a single log field can be obtained. And classifying and analyzing the single log field according to different operation types (adding operation, deleting operation, modifying operation and inquiring operation), and analyzing the modified log by matching the difference before and after modification to obtain the content of the modified part.
Fig. 2 is a flowchart illustrating a specific implementation of a log information parsing method provided in an embodiment of the present invention, and as shown in fig. 2, in the specific implementation, the log information parsing method provided in the embodiment of the present invention may include the following steps:
s201, configuring one or more log fields in a configuration table.
S202, configuring the priority or the field type of each log field.
S203, collecting the log information of each service system.
And S204, uniformly storing the collected log information into a preset database.
S205, obtaining log information for executing different log operations from a preset database, wherein the log operations include: add operations, delete operations, modify operations, and query operations.
S206, matching each log field configured in the configuration table in advance with the log information for executing different log operations in each service system to obtain the log content of the log field for executing different log operations.
S207, the log contents of the log fields of different log operations executed in each service system are integrated to obtain the log contents of different log operations executed by each service system.
As can be seen from the above, the log information analysis method provided in the embodiment of the present invention obtains the original log information of different log operations from each service system, stores the original log information in the data table in the preset database, and maps each log field to be analyzed configured in the configuration table to a corresponding field in the log structure of each service system. After the original log information of each service system is collected, the log contents of different log operations are recursively analyzed and executed by combining the field contents of each log field in the configuration table (recursion refers to a method for calling a program per se), and the analysis results are integrated. Optionally, the log analysis at the later stage is facilitated by setting the priority, the field type and other modes of each log field in the configuration table.
According to the embodiment of the invention, the log field to be analyzed is configured in the configuration table, so that the original log information can be quickly analyzed, irrelevant log information is filtered, the key operation point is searched out and is used as the analysis result to be fed back.
Based on the same inventive concept, the embodiment of the present invention further provides a log information analysis device, as in the following embodiments. Because the principle of the device for solving the problems is similar to the log information analysis method, the implementation of the device can refer to the implementation of the log information analysis method, and repeated parts are not described again.
Fig. 3 is a schematic diagram of a log information parsing apparatus provided in an embodiment of the present invention, and as shown in fig. 3, the apparatus includes: a log collection module 31, a log analysis module 32 and a log output module 33.
The log acquisition module 31 is configured to acquire log information of each service system; a log analyzing module 32, configured to analyze, according to each log field configured in the configuration table in advance, log content of the log field for performing the modification operation from the log information of each service system; and a log output module 33, configured to output log fields and corresponding log contents that are different before and after the modification operation is performed.
In an embodiment, as shown in fig. 4, the log information parsing apparatus provided in the embodiment of the present invention may further include: a configuration module 34, configured to configure one or more log fields in the configuration table, and configure the priority or field type of each log field.
In an embodiment, in the log information parsing apparatus provided in the embodiment of the present invention, the log collection module 31 is further configured to: collecting log information of each service system; and uniformly storing the collected log information into a preset database.
In an embodiment, in the log information parsing apparatus provided in the embodiment of the present invention, the log parsing module 32 is further configured to: acquiring log information for executing modification operation from each service system; and matching each log field configured in the configuration table in advance with the log information for executing the modification operation to obtain the log content of the log field for executing the modification operation.
In an embodiment, in the log information parsing apparatus provided in the embodiment of the present invention, the log output module 33 is further configured to: acquiring a target log field for executing modification operation; acquiring first data of a target log field before modification operation and second data after modification operation; comparing the first data with the second data, and determining different log fields of the data before and after modification; and modifying different log fields of the data before and after modification and corresponding log contents.
Optionally, in the log information analyzing apparatus provided in the embodiment of the present invention, the log analyzing module 32 is further configured to analyze, according to each log field configured in the configuration table in advance, the log content of the log field that performs an addition, deletion, or query operation from the log information of each service system; the log output module 33 is further configured to: and outputting the log fields for executing the adding, deleting or inquiring operation and the corresponding log contents.
Based on the same inventive concept, a computer device is further provided in the embodiments of the present invention, so as to quickly parse log contents for performing a modification operation from a large amount of original log information recorded by a business system, fig. 5 is a schematic diagram of a computer device provided in the embodiments of the present invention, as shown in fig. 5, the computer device 50 includes a memory 501, a processor 502, and a computer program stored on the memory 501 and capable of being executed on the processor 502, and the processor 502 implements the log information parsing method when executing the computer program.
Based on the same inventive concept, the embodiment of the present invention further provides a computer-readable storage medium for quickly parsing out log contents for performing a modification operation from a large amount of original log information recorded by a business system, where the computer-readable storage medium stores a computer program for performing the log information parsing method.
In summary, embodiments of the present invention provide a log information parsing method, an apparatus, a computer device, and a computer readable storage medium, after obtaining log information of each service system, according to each log field configured in a configuration table in advance, log content of a log field for performing a modification operation is parsed from the log information of each service system, and then log fields and corresponding log contents for performing the modification operation and having different data before and after modification are output. According to the embodiment of the invention, the log fields to be analyzed are configured in the configuration table, so that the log fields and the corresponding log contents which execute the modification operation and have different data before and after modification are analyzed from the log information of each service system, different log analysis codes do not need to be developed for different service systems, the log contents which execute the modification operation can be quickly analyzed from a large amount of original log information recorded by the service systems, the analysis of useless log information is avoided, and the log analysis efficiency is greatly improved.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above-mentioned embodiments are intended to illustrate the objects, technical solutions and advantages of the present invention in further detail, and it should be understood that the above-mentioned embodiments are only exemplary embodiments of the present invention, and are not intended to limit the scope of the present invention, and any modifications, equivalent substitutions, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.
Claims (10)
1. A log information parsing method is characterized by comprising the following steps:
acquiring log information of each service system;
analyzing the log content of the log field for executing the modification operation from the log information of each service system according to each log field configured in a configuration table in advance;
and outputting the log fields and the corresponding log contents which execute the modification operation and have different data before and after modification.
2. The method of claim 1, wherein obtaining log information for each business system comprises:
collecting log information of each service system;
and uniformly storing the collected log information into a preset database.
3. The method of claim 1, wherein analyzing log contents of log fields for performing modification operations from log information of each service system according to each log field configured in a configuration table in advance comprises:
acquiring log information for executing modification operation from each service system;
and matching each log field configured in the configuration table in advance with the log information for executing the modification operation to obtain the log content of the log field for executing the modification operation.
4. The method of claim 1, wherein outputting log fields and corresponding log contents that perform the modify operation and differ in data before and after the modify operation comprises:
acquiring a target log field for executing modification operation;
acquiring first data of a target log field before modification operation and second data after modification operation;
comparing the first data with the second data, and determining different log fields of the data before and after modification;
and modifying different log fields of the data before and after modification and corresponding log contents.
5. The method of claim 1, wherein the method further comprises:
configuring one or more log fields in a configuration table;
the priority or field type of each log field is configured.
6. The method of any of claims 1 to 5, further comprising:
analyzing the log content of the log field for executing addition, deletion or query operation from the log information of each service system according to each log field configured in a configuration table in advance;
and outputting the log fields for executing the adding, deleting or inquiring operation and the corresponding log contents.
7. A log information analysis device, comprising:
the log acquisition module is used for acquiring log information of each service system;
the log analyzing module is used for analyzing the log content of the log field for executing the modification operation from the log information of each service system according to each log field configured in the configuration table in advance;
and the log output module is used for outputting different log fields and corresponding log contents of the data before and after modification when modification operation is executed.
8. The apparatus of claim 7, wherein the apparatus further comprises:
the configuration module is used for configuring one or more log fields in the configuration table and configuring the priority or the field type of each log field.
9. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the log information parsing method of any one of claims 1 to 6 when executing the computer program.
10. A computer-readable storage medium storing a computer program for executing the log information parsing method according to any one of claims 1 through 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110232334.1A CN112597179B (en) | 2021-03-03 | 2021-03-03 | Log information analysis method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110232334.1A CN112597179B (en) | 2021-03-03 | 2021-03-03 | Log information analysis method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112597179A true CN112597179A (en) | 2021-04-02 |
| CN112597179B CN112597179B (en) | 2021-10-15 |
Family
ID=75210116
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110232334.1A Active CN112597179B (en) | 2021-03-03 | 2021-03-03 | Log information analysis method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112597179B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115391408A (en) * | 2022-10-27 | 2022-11-25 | 深圳市华曦达科技股份有限公司 | Video log tracking method and device and electronic equipment |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040059510A1 (en) * | 2000-10-17 | 2004-03-25 | Thompson Archie R. | System and method of managing safety compliance data |
| CN1825812A (en) * | 2005-02-25 | 2006-08-30 | 华为技术有限公司 | System and method for managing network web log information |
| CN111752925A (en) * | 2020-06-29 | 2020-10-09 | 山东浪潮通软信息科技有限公司 | Visual data management method |
-
2021
- 2021-03-03 CN CN202110232334.1A patent/CN112597179B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040059510A1 (en) * | 2000-10-17 | 2004-03-25 | Thompson Archie R. | System and method of managing safety compliance data |
| CN1825812A (en) * | 2005-02-25 | 2006-08-30 | 华为技术有限公司 | System and method for managing network web log information |
| CN111752925A (en) * | 2020-06-29 | 2020-10-09 | 山东浪潮通软信息科技有限公司 | Visual data management method |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115391408A (en) * | 2022-10-27 | 2022-11-25 | 深圳市华曦达科技股份有限公司 | Video log tracking method and device and electronic equipment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112597179B (en) | 2021-10-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109388566B (en) | Code coverage rate analysis method, device, equipment and storage medium | |
| CN106951430B (en) | Account table query method and device | |
| US8612939B2 (en) | Multi trace parser | |
| CN108509658B (en) | XML file parsing method and device | |
| US20190220387A1 (en) | Unexplored branch search in hybrid fuzz testing of software binaries | |
| CN113326238A (en) | Data processing method, device, equipment and storage medium | |
| CN114780485A (en) | Electronic archive management method, system, readable storage medium and equipment | |
| CN110990055B (en) | Pull Request function classification method based on program analysis | |
| CN116431520A (en) | Test scene determination method, device, electronic equipment and storage medium | |
| CN109063040B (en) | Client program data acquisition method and system | |
| CN112597179B (en) | Log information analysis method and device | |
| CN113568604B (en) | Method and device for updating wind control strategy and computer readable storage medium | |
| US20160266875A1 (en) | Software automatic configuration apparatus, software automatic configuration method, and storage media | |
| CN113868698A (en) | File desensitization method and equipment | |
| CN107330031B (en) | Data storage method and device and electronic equipment | |
| CN113901021A (en) | Method and device for generating upgrading script for multi-version database and electronic equipment | |
| CN110727565B (en) | Network equipment platform information collection method and system | |
| CN111176901A (en) | HDFS deleted file recovery method, terminal device and storage medium | |
| CN115757174A (en) | Database difference detection method and device | |
| CN113821486A (en) | Method and device for determining dependency relationship between pod libraries and electronic equipment | |
| CN114297236A (en) | Data blood relationship analysis method, terminal equipment and storage medium | |
| JP7006769B2 (en) | Search sentence utilization device and search sentence utilization method | |
| CN113821193A (en) | Information generation method and device and storage medium | |
| CN111913700B (en) | Cloud-end interaction protocol analysis method, device, equipment and storage medium | |
| CN112597109B (en) | Data storage method, device, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20230317 Address after: 1804, Building 3, Shenzhen New Generation Industrial Park, 136 Zhongkang Road, Meidu Community, Meilin Street, Futian District, Shenzhen City, Guangdong Province, 518049 Patentee after: Shenzhen Shijie Yuntian Technology Co.,Ltd. Address before: 2508, 25 / F, building 3, No.19 yard, Beiyuan East Road, Chaoyang District, Beijing 100020 Patentee before: Beijing Horizon Yuntian Technology Co.,Ltd. |
|
| TR01 | Transfer of patent right |