CN112866005A - Method, device and equipment for processing user access log and storage medium - Google Patents

Method, device and equipment for processing user access log and storage medium Download PDF

Info

Publication number
CN112866005A
CN112866005A CN202011630030.2A CN202011630030A CN112866005A CN 112866005 A CN112866005 A CN 112866005A CN 202011630030 A CN202011630030 A CN 202011630030A CN 112866005 A CN112866005 A CN 112866005A
Authority
CN
China
Prior art keywords
log
user access
internet protocol
access log
protocol address
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011630030.2A
Other languages
Chinese (zh)
Other versions
CN112866005B (en
Inventor
金建龙
梁彧
田野
傅强
王杰
杨满智
蔡琳
金红
陈晓光
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Eversec Beijing Technology Co Ltd
Original Assignee
Eversec Beijing Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Eversec Beijing Technology Co Ltd filed Critical Eversec Beijing Technology Co Ltd
Priority to CN202011630030.2A priority Critical patent/CN112866005B/en
Publication of CN112866005A publication Critical patent/CN112866005A/en
Application granted granted Critical
Publication of CN112866005B publication Critical patent/CN112866005B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06Management of faults, events, alarms or notifications
    • H04L41/069Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/45Network directories; Name-to-address mapping

Abstract

The embodiment of the invention discloses a method, a device, equipment and a storage medium for processing a user access log, wherein the method comprises the following steps: when a user access log is detected, matching each remote authentication dial-up user service log with the user access log according to the address type of an internet protocol address included in each remote authentication dial-up user service log; the family broadband account information in the target remote authentication dialing user service log obtained through matching is obtained and added into the user access log, the family broadband account information in the user access log is added, and therefore corresponding network service is provided for the matched family broadband account according to the user access information.

Description

Method, device and equipment for processing user access log and storage medium
Technical Field
The embodiment of the invention relates to the technical field of networks, in particular to a method, a device, equipment and a storage medium for processing a user access log.
Background
With the continuous development of network technology and computer technology, the home broadband greatly facilitates and enriches the lives of people by virtue of the advantages of high transmission rate and high frequency bandwidth, and is paid more and more attention and research.
In home broadband networking, a user access log is mainly acquired through an acquisition layer technology to acquire user access information such as network access time, source Internet Protocol (IP) address and port; however, the home broadband account and the related information used by the current user to access the network cannot be directly acquired only through the user access log, so that the matched broadband network service cannot be provided for the corresponding home broadband account according to the acquired user access information, and the user experience is reduced.
Disclosure of Invention
The embodiment of the invention provides a method, a device, equipment and a storage medium for processing a user access log, which are used for adding family broadband account information in the user access log.
In a first aspect, an embodiment of the present invention provides a method for processing a user access log, including:
when a user access log is detected, matching each remote authentication dial-up user service log with the user access log according to the address type of an internet protocol address included in each remote authentication dial-up user service log;
and acquiring the family broadband account information in the target remote authentication dialing user service log obtained by matching, and adding the family broadband account information into the user access log.
In a second aspect, an embodiment of the present invention provides a device for processing a user access log, including:
the system comprises a user access log detection module, a user access log detection module and a remote authentication dialing user service log matching module, wherein the user access log detection module is used for matching each remote authentication dialing user service log with the user access log according to the address type of an internet protocol address included in each remote authentication dialing user service log when detecting the user access log;
and the family broadband account information acquisition module is used for acquiring the family broadband account information in the target remote authentication dialing user service log obtained by matching and adding the family broadband account information into the user access log.
In a third aspect, an embodiment of the present invention further provides an electronic device, where the electronic device includes:
one or more processors;
storage means for storing one or more programs;
when the one or more programs are executed by the one or more processors, the one or more processors implement the method for processing the user access log according to any embodiment of the present invention.
In a fourth aspect, an embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the method for processing the user access log according to any embodiment of the present invention.
According to the technical scheme provided by the embodiment of the invention, when the user access log is detected, each remote authentication dialing user service log is matched with the user access log according to the address type of the internet protocol address included in each remote authentication dialing user service log; the family broadband account information in the target remote authentication dialing user service log obtained through matching is obtained and added into the user access log, the family broadband account information in the user access log is added, and meanwhile, corresponding network service is provided for the matched family broadband account according to the user access information by establishing the corresponding relation between the user access log and the family broadband account information.
Drawings
Fig. 1 is a flowchart of a method for processing a user access log according to an embodiment of the present invention;
fig. 2 is a flowchart of a processing method for a user access log according to a second embodiment of the present invention;
fig. 3 is a block diagram of a processing apparatus for a user access log according to a third embodiment of the present invention;
fig. 4 is a block diagram of an electronic device according to a fourth embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
Example one
Fig. 1 is a flowchart of a method for processing a user access log according to an embodiment of the present invention, where this embodiment is applicable to a case where matching home broadband account information is added to the user access log, and the method may be executed by a device for processing the user access log according to an embodiment of the present invention, where the device may be implemented by software and/or hardware, and may be generally integrated on an electronic device, and typically may be integrated in a gateway, an exchange, or a server, and the method specifically includes the following steps:
s110, when the user access log is detected, matching each remote authentication dial-up user service log with the user access log according to the address type of the internet protocol address included in each remote authentication dial-up user service log.
The user access log comprises network access information of a user, for example, a source IP address, a source port number, an accessed destination IP address, a destination port number and corresponding access time of the user accessing the network, and is mainly used for recording network access records of the user; in the embodiment of the invention, the existing user access log is utilized to acquire the family broadband account information matched with the user access information, and the acquired matched family broadband account information is added into the user access log, so that the user access information and the corresponding family broadband account information are acquired simultaneously through the user access log; and then when the user access is abnormal or has a network problem, the corresponding home broadband account is searched according to the user access information, and optimization improvement is performed on the current user network, so that the network use experience of the user is improved.
Remote Authentication Dial In User Service (RADIUS), which is a protocol based on Client/Server (C/S) structure, is mainly responsible for Authentication, authorization, accounting and information configuration between network access equipment and Authentication Server; when the user terminal equipment is connected to the server through the RADIUS protocol, the family broadband account and related information need to be sent to the RADIUS client to perform server authentication, so that the RADIUS log can record an internet protocol address, family broadband account information and corresponding online and offline information used by the user terminal equipment. According to whether the user terminal device is subjected to Network Address Translation (NAT), the RADIUS log can be subdivided into an NAT type log and a non-NAT type log, and the IP Address types contained in the different types of RADIUS logs are different. The network address conversion is responsible for converting a private network IP address into a public network IP address so as to realize the access of a local host to the Internet; the public network IP address refers to an IP address which can directly access the Internet, and other corresponding people can also access the IP address, and the public network IP address is usually used for a server or a regional network; the private network IP address refers to a local IP address allocated by a host in a private network, cannot directly access the internet, and needs to be converted into a corresponding public network IP address to access the internet. In the embodiment of the invention, the acquisition of the family broadband account information and the target IP address is realized through the RADIUS log.
Specifically, the types of Internet Protocol (IP) addresses included in the RADIUS log are different corresponding to different networking structures; for sinking networking, the types of the IP addresses in the RADIUS logs of the NAT type simultaneously comprise a public network type and a private network type, and the types of the IP addresses contained in the RADIUS logs of the non-NAT type are only the public network type; for non-sinking networking, the type of the IP address contained in the RADIUS log of the NAT type is only a private network type, and the type of the IP address contained in the RADIUS log of the non-NAT type is only a public network type; the sinking networking is to completely realize the sinking of a Broadband Remote Access Server (BRAS) from a city to a district, so that a user can Access nearby, and network transmission faults can be effectively reduced; correspondingly, non-sinking networking refers to a regional network in which the BRAS is not sunk, and the RADIUS log cannot acquire public network information, so that the non-sinking networking only comprises an IP address of a private network type; in addition, there is also an area network structure with a sinking part of the network, which is a semi-sinking networking, that is, a part of sinking networking and a part of non-sinking networking are included at the same time. Therefore, the IP address types in the RADIUS logs are not uniform, the source IP addresses in the user access logs are all public network types, and if the IP addresses contained in the RADIUS logs are all public network types, the matched RADIUS logs can be obtained directly according to the source IP addresses, the source port numbers and the time stamps of the user access logs; if the target IP address in the RADIUS log comprises the IP address of the private network type, the private network address corresponding to the source IP address of the current user access log is obtained by obtaining the firewall log matched with the current user access log, and then the matched RADIUS log is searched according to the obtained corresponding private network IP address and the timestamp information.
Optionally, in this embodiment of the present invention, the matching, according to an address type of an internet protocol address included in each remote authentication dial-up user service log, each remote authentication dial-up user service log with the user access log includes: obtaining a current processing service log from all remote authentication dial-up user service logs, and obtaining an address type of an internet protocol address included in the current processing service log; and if the address type is only determined to be a public network internet protocol address, detecting whether the current processing service log is matched with the user access log according to various internet protocol description information in the current processing service log and the user access log.
Specifically, after detecting that a user accesses logs, matching all obtained RADIUS logs one by one; for the RADIUS log processed currently, the IP address contained in the RADIUS log is obtained, and the type of the IP address is judged; note that one RADIUS log may contain one or two IP addresses, one being a public network type IP address and the other being a private network type IP address in the case of two IP addresses. Because different users use the same IP address, only the IP address comparison is carried out, and the RADIUS log matched with the user access log cannot be accurately acquired. When the currently processed RADIUS log only contains an IP address of a public network address type, acquiring a first IP address and other IP description information in a user access log, and further matching the user access log with the currently processed RADIUS log, wherein the other IP description information comprises port information and time information; if the first IP address of the user access log is matched with other IP description information and information of the RADIUS log, the fact that the currently processed RADIUS log is matched with the current user access log is indicated, and accuracy of obtaining the matched RADIUS log is improved.
Optionally, in this embodiment of the present invention, the detecting, according to the internet protocol description information in the current processing service log and the user access log, whether the current processing service log matches the user access log may include: acquiring a first internet protocol address, a first port interval and a first online time interval from the current processing service log, and acquiring a second internet protocol address, a first port number and a first timestamp from the user access log; determining that the currently processed service log matches the user access log if the first internet protocol address matches the second internet protocol address, the first port number is within the first port zone, and the first timestamp is within the first online time zone. The first internet protocol address and the first port interval refer to an IP address and a port interval in a RADIUS log, wherein the IP address is only a public network type; the first online time interval refers to a time interval recorded in the RADIUS log between online and offline of the user; if only the online time exists, the first online time interval can be regarded as infinite time after the online time, namely, the user is always online; correspondingly, when the timestamp of the user access log is compared with the online time interval of the RADIUS log subsequently, the timestamp only needs to be after the online time, and then the timestamp can be regarded as time information matching. Specifically, under the condition that the second IP address in the user access log is consistent with the first IP address in the RADIUS log, if the first port number obtained by the user access log is located in the first port interval recorded in the RADIUS log and the first timestamp of the user access log is also located in the first online interval of the RADIUS log, the current processed RADIUS and the current user access log can be determined to be strictly matched, and the accuracy of obtaining the matched RADIUS log is further improved.
Optionally, in this embodiment of the present invention, if it is determined that the address type is only a private internet protocol address, the source internet protocol address in the user access log is converted into a private internet protocol address, and according to the private internet protocol address and various internet protocol description information in the current processing service log and the user access log, it is detected whether the current processing service log matches the user access log. Specifically, because the IP addresses included in the user access log are all public network type IP addresses, when the address type of the RADIUS is only a private network type, the comparison between the IP addresses and other description information cannot be directly performed; at the moment, the matched firewall logs are obtained according to the user access logs, so that the source IP addresses of the public network types in the user access logs are converted into corresponding private network IP addresses; and searching the matched RADIU log according to the IP address and the time information of the private network.
Optionally, in this embodiment of the present invention, the detecting, according to the private internet protocol address and the IP description information in the current processing service log and the user access log, whether the current processing service log matches the user access log may include: acquiring a third internet protocol address and a second online time interval in the current processing service log, and acquiring a second timestamp in the user access log; determining that the current processing service log matches the user access log if the private internet protocol address matches the third internet protocol address and the second timestamp is within the second line time interval. The third internet protocol address and the second online time refer to the IP address and the online time in the RADIUS log which only contains the IP address of the private network type. Specifically, when the type of the IP address in the RADIUS log is only a private network type, a private network IP address matched with the original IP address is obtained; meanwhile, corresponding second timestamp information is obtained from the current user access log, and a third IP address and a second online time interval are extracted from the RADIUS log; and if the current private network IP address is consistent with the third IP address in the RADIUS and the second timestamp is positioned in the second time interval, the matching of the currently processed RADIUS log and the current user access log is shown, so that the user access log can acquire the matched RADIUS log when only the private network type IP address is contained in the RADIUS log.
Optionally, in the embodiment of the present invention, if it is determined that the address type includes a public internet protocol address and a private internet protocol address at the same time, whether the currently processed service log matches the user access log is detected according to each item of IP description information in the currently processed service log and the user access log; and/or converting a source internet protocol address in the user access log into a private internet protocol address, and detecting whether the current processing service log is matched with the user access log according to the private internet protocol address and various IP description information in the current processing service log and the user access log.
Specifically, when the RADIUS log is determined to contain the IP addresses of the public network type and the private network type at the same time, the matched RADIUS log can be searched according to the IP address of the public network type, the searching method is consistent with the method for obtaining the matched RADIUS log when the RADIUS log only contains the IP address of the public network type, and if the matched RADIUS log is obtained according to the IP address of the public network type and other IP description information, the matching process is ended; if the matching result is not obtained, searching for a matched RADIUS log according to the private network IP address; or firstly, according to the IP address of the private network type, converting the source IP address into a corresponding private network IP address, searching the matched RADIUS log, if the matched RADIUS log is obtained, finishing the matching process, and if the matching result is not obtained, searching the matched RADIUS log according to the public network IP address; the matched RADIUS log is searched according to the IP address of the public network type and other IP description information, the searching result is not considered, the source IP address is converted into the corresponding private network IP address according to the IP address of the private network type continuously, the matched RADIUS log is further acquired, and the final matching result is acquired after all searching is finished; acquisition of any type of matching RADIUS log can be achieved.
Optionally, in this embodiment of the present invention, the converting the source internet protocol address in the user access log into the private internet protocol address may include: matching all IP description information in the firewall logs and the user access logs; and converting the source internet protocol address in the user access log into a private internet protocol address according to the mapping relation between the source internet protocol address and the private internet protocol address in the firewall log obtained by matching. The firewall is a network security system located between an internal network and an external network, and monitors data communication between the internal network and the external network according to a specific rule, and allows or limits the passing of transmission data; correspondingly, recording an internal network (corresponding to a private network) IP address and an external network (corresponding to a public network) IP address for data transmission in a firewall log file; therefore, by acquiring the firewall log matched with the user access log, the mapping relation between the private network IP address and the public network IP address can be acquired, and further the source IP address in the user access log is converted into the corresponding private network IP address.
Optionally, in this embodiment of the present invention, the matching the firewall logs and the IP description information in the user access log may include: obtaining the current processing firewall logs in all firewall logs; obtaining a first source internet protocol address, a first source port number, a first destination internet protocol address, a first destination port number and a third timestamp from the current processing firewall log, and obtaining a second source internet protocol address, a second source port number, a second destination internet protocol address, a second destination port number and a fourth timestamp from the user access log; if the first source internet protocol address, the first source port number, the first destination internet protocol address, the first destination port number, and the third timestamp of the currently processed firewall log are respectively and correspondingly matched with the second source internet protocol address, the second source port number, the second destination internet protocol address, the second destination port number, and the fourth timestamp of the user access log, it is determined that the currently processed firewall log is matched with the user access log. Specifically, according to the currently detected user access logs, all firewall logs are matched one by one to obtain matched firewall logs; the source IP address and the source port number refer to an IP address and a port number used by a user for accessing a network, and the destination IP address and a destination port number refer to an IP address and a port number of a network accessed by the user; when the user access log is matched with the firewall log, and the source IP address, the source port number, the destination address, the destination port number and the timestamp information of the user access log and the firewall log are consistent, the current user access log can be determined to be matched with the firewall log processed currently, and the accuracy of obtaining and matching the firewall log is improved.
And S120, acquiring the home broadband account information in the target remote authentication dial-up user service log obtained by matching, and adding the home broadband account information into the user access log.
The family broadband account information refers to an account adopted by a user for accessing the Internet through a family broadband, and the corresponding network user can be accurately positioned through the family broadband account information. Specifically, after the RADIUS log matched with the current user service log is obtained, the family broadband account information contained in the matched RADIUS log is added to the current user access log, so that the addition of the corresponding family broadband account information in the user access log is realized, further, the more matched network service is provided for the corresponding user through the user access log, and the network use experience of the user is improved.
According to the technical scheme provided by the embodiment of the invention, when the user access log is detected, each remote authentication dialing user service log is matched with the user access log according to the address type of the internet protocol address included in each remote authentication dialing user service log; the family broadband account information in the target remote authentication dialing user service log obtained through matching is obtained and added into the user access log, the family broadband account information in the user access log is added, and meanwhile, corresponding network service is provided for the matched family broadband account according to the user access information by establishing the corresponding relation between the user access log and the family broadband account information.
Example two
Fig. 2 is a flowchart of a method for processing a user access log according to a second embodiment of the present invention, which is embodied on the basis of the foregoing embodiment, in this embodiment, a RADIUS log matched with the user access log is obtained for RADIUS logs including different types of IP addresses, so as to add home broadband account information in the user access log, and the method specifically includes:
s210, when the user access log is detected, obtaining the current processing service log from all remote authentication dialing user service logs.
S220, obtaining the address type of the Internet protocol address included in the current processing service log.
Wherein if it is determined that the address type is only a public internet protocol address, S230 is performed; if it is determined that the address type includes both a public internet protocol address and a private internet protocol address, performing S240; if it is determined that the address type is only a private internet protocol address, S260 is performed.
S230, detecting whether the current processing service log is matched with the user access log according to the Internet protocol description information in the current processing service log and the user access log, and executing S270.
S240, detecting whether the current processing service log is matched with the user access log according to the Internet protocol description information in the current processing service log and the user access log, and executing S250.
S250, converting the source internet protocol address in the user access log into a private internet protocol address, detecting whether the current processing service log is matched with the user access log according to the private internet protocol address and the internet protocol description information in the current processing service log and the user access log, and executing S270.
S260, converting the source internet protocol address in the user access log into a private internet protocol address, detecting whether the current processing service log is matched with the user access log according to the private internet protocol address and the internet protocol description information in the current processing service log and the user access log, and executing S270.
And S270, acquiring the home broadband account information in the target remote authentication dial-up user service log obtained by matching, and adding the home broadband account information into the user access log.
According to the technical scheme provided by the embodiment of the invention, when the user access log is detected, the current processing service log is obtained from all remote authentication dial-up user service logs, the address type of an internet protocol address included in the current processing service log is obtained, a corresponding matching method is adopted for the RADIUS including IP addresses with different address types to obtain the RADIUS matched with the currently detected user access log, and the family broadband account information in the matched RADIUS log is added into the currently detected user access log, so that the family broadband account information is added into the user access log in different networking structures.
EXAMPLE III
Fig. 3 is a block diagram of a structure of a processing apparatus for a user access log according to a third embodiment of the present invention, where the apparatus specifically includes: a user access log detection module 310 and a home broadband account information acquisition module 320;
a user access log detection module 310, configured to, when a user access log is detected, match each remote authentication dial-up user service log with the user access log according to an address type of an internet protocol address included in each remote authentication dial-up user service log;
and the home broadband account information acquisition module 320 is configured to acquire home broadband account information in the target remote authentication dial-up user service log obtained by matching, and add the home broadband account information to the user access log.
According to the technical scheme provided by the embodiment of the invention, when the user access log is detected, each remote authentication dialing user service log is matched with the user access log according to the address type of the internet protocol address included in each remote authentication dialing user service log; the family broadband account information in the target remote authentication dialing user service log obtained through matching is obtained and added into the user access log, the family broadband account information in the user access log is added, and meanwhile, corresponding network service is provided for the matched family broadband account according to the user access information by establishing the corresponding relation between the user access log and the family broadband account information.
Optionally, on the basis of the foregoing technical solution, the user access log detection module 310 includes:
the system comprises an address type acquisition unit, a processing unit and a processing unit, wherein the address type acquisition unit is used for acquiring a current processing service log from all remote authentication dial-up user service logs and acquiring the address type of an internet protocol address included in the current processing service log;
a first matching detection unit, configured to, if it is determined that the address type is only a public internet protocol address, detect whether the currently processed service log matches the user access log according to various internet protocol description information in the currently processed service log and the user access log;
and the second matching detection unit is used for converting the source internet protocol address in the user access log into a private internet protocol address if the address type is only determined to be the private internet protocol address, and detecting whether the current processing service log is matched with the user access log according to the private internet protocol address and various internet protocol description information in the current processing service log and the user access log.
Optionally, on the basis of the foregoing technical solution, the user access log detection module 310 further includes:
a third matching detection unit, configured to, if it is determined that the address type includes both a public internet protocol address and a private internet protocol address, detect whether the currently processed service log matches the user access log according to each item of internet protocol description information in the currently processed service log and the user access log; and/or, converting a source internet protocol address in the user access log into a private internet protocol address, and detecting whether the current processing service log is matched with the user access log according to the private internet protocol address and various internet protocol description information in the current processing service log and the user access log.
Optionally, on the basis of the foregoing technical solution, the first matching detection unit is specifically configured to obtain a first internet protocol address, a first port number, and a first online time interval in the current processing service log, and obtain a second internet protocol address, a first port number, and a first timestamp in the user access log; determining that the currently processed service log matches the user access log if the first internet protocol address matches the second internet protocol address, the first port number is within the first port zone, and the first timestamp is within the first online time zone.
Optionally, on the basis of the foregoing technical solution, the second matching detection unit is specifically configured to obtain a third internet protocol address and a second online time interval in the current processing service log, and obtain a second timestamp in the user access log; determining that the current processing service log matches the user access log if the private internet protocol address matches the third internet protocol address and the second timestamp is within the second line time interval.
Optionally, on the basis of the above technical solution, the second matching detection unit is specifically configured to match each firewall log with each internet protocol description information in the user access log; and converting the source internet protocol address in the user access log into a private internet protocol address according to the mapping relation between the source internet protocol address and the private internet protocol address in the firewall log obtained by matching.
Optionally, on the basis of the above technical solution, the second matching detection unit is specifically configured to obtain the firewall log of the current processing from all firewall logs; obtaining a first source internet protocol address, a first source port number, a first destination internet protocol address, a first destination port number and a third timestamp from the current processing firewall log, and obtaining a second source internet protocol address, a second source port number, a second destination internet protocol address, a second destination port number and a fourth timestamp from the user access log; if the first source internet protocol address, the first source port number, the first destination internet protocol address, the first destination port number, and the third timestamp of the currently processed firewall log are respectively and correspondingly matched with the second source internet protocol address, the second source port number, the second destination internet protocol address, the second destination port number, and the fourth timestamp of the user access log, it is determined that the currently processed firewall log is matched with the user access log.
The device can execute the processing method of the user access log provided by any embodiment of the invention, and has the corresponding functional modules and beneficial effects of the execution method. For technical details not described in detail in this embodiment, reference may be made to the method provided in any embodiment of the present invention.
Example four
Fig. 4 is a schematic structural diagram of an electronic device according to a fourth embodiment of the present invention. FIG. 4 illustrates a block diagram of an exemplary electronic device 12 suitable for use in implementing embodiments of the present invention. The electronic device 12 shown in fig. 4 is only an example and should not bring any limitation to the function and the scope of use of the embodiment of the present invention.
As shown in FIG. 4, electronic device 12 is embodied in the form of a general purpose computing device. The components of electronic device 12 may include, but are not limited to: one or more processors or processing units 16, a memory 28, and a bus 18 that couples various system components including the memory 28 and the processing unit 16.
Bus 18 represents one or more of any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, and a processor or local bus using any of a variety of bus architectures. By way of example, such architectures include, but are not limited to, Industry Standard Architecture (ISA) bus, micro-channel architecture (MAC) bus, enhanced ISA bus, Video Electronics Standards Association (VESA) local bus, and Peripheral Component Interconnect (PCI) bus.
Electronic device 12 typically includes a variety of computer system readable media. Such media may be any available media that is accessible by electronic device 12 and includes both volatile and nonvolatile media, removable and non-removable media.
The memory 28 may include computer system readable media in the form of volatile memory, such as Random Access Memory (RAM)30 and/or cache memory 32. The electronic device 12 may further include other removable/non-removable, volatile/nonvolatile computer system storage media. By way of example only, storage system 34 may be used to read from and write to non-removable, nonvolatile magnetic media (not shown in FIG. 4, and commonly referred to as a "hard drive"). Although not shown in FIG. 4, a magnetic disk drive for reading from and writing to a removable, nonvolatile magnetic disk (e.g., a "floppy disk") and an optical disk drive for reading from or writing to a removable, nonvolatile optical disk (e.g., a CD-ROM, DVD-ROM, or other optical media) may be provided. In these cases, each drive may be connected to bus 18 by one or more data media interfaces. Memory 28 may include at least one program product having a set (e.g., at least one) of program modules that are configured to carry out the functions of embodiments of the invention.
A program/utility 40 having a set (at least one) of program modules 42 may be stored, for example, in memory 28, such program modules 42 including, but not limited to, an operating system, one or more application programs, other program modules, and program data, each of which examples or some combination thereof may comprise an implementation of a network environment. Program modules 42 generally carry out the functions and/or methodologies of the described embodiments of the invention.
Electronic device 12 may also communicate with one or more external devices 14 (e.g., keyboard, pointing device, display 24, etc.), with one or more devices that enable a user to interact with electronic device 12, and/or with any devices (e.g., network card, modem, etc.) that enable electronic device 12 to communicate with one or more other computing devices. Such communication may be through an input/output (I/O) interface 22. Also, the electronic device 12 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the Internet) via the network adapter 20. As shown, the network adapter 20 communicates with other modules of the electronic device 12 via the bus 18. It should be understood that although not shown in the figures, other hardware and/or software modules may be used in conjunction with electronic device 12, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
The processing unit 16 executes various functional applications and data processing by executing programs stored in the memory 28, for example, implementing a processing method of a user access log provided by any embodiment of the present invention. Namely: when a user access log is detected, matching each remote authentication dial-up user service log with the user access log according to the address type of an internet protocol address included in each remote authentication dial-up user service log; and acquiring the family broadband account information in the target remote authentication dialing user service log obtained by matching, and adding the family broadband account information into the user access log.
EXAMPLE five
Fifth, an embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements a method for processing a user access log according to any embodiment of the present invention; the method comprises the following steps:
when a user access log is detected, matching each remote authentication dial-up user service log with the user access log according to the address type of an internet protocol address included in each remote authentication dial-up user service log;
and acquiring the family broadband account information in the target remote authentication dialing user service log obtained by matching, and adding the family broadband account information into the user access log.
Computer storage media for embodiments of the invention may employ any combination of one or more computer-readable media. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C + + or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.

Claims (10)

1. A processing method for a user access log is characterized by comprising the following steps:
when a user access log is detected, matching each remote authentication dial-up user service log with the user access log according to the address type of an internet protocol address included in each remote authentication dial-up user service log;
and acquiring the family broadband account information in the target remote authentication dialing user service log obtained by matching, and adding the family broadband account information into the user access log.
2. The method of claim 1, wherein matching each of the remote authentication dial-up subscriber service logs with the subscriber access log according to an address type of an internet protocol address included in the remote authentication dial-up subscriber service log comprises:
obtaining a current processing service log from all remote authentication dial-up user service logs, and obtaining an address type of an internet protocol address included in the current processing service log;
if the address type is only determined to be a public network internet protocol address, detecting whether the current processing service log is matched with the user access log according to various internet protocol description information in the current processing service log and the user access log;
if the address type is only determined to be a private internet protocol address, converting a source internet protocol address in the user access log into a private internet protocol address, and detecting whether the current processing service log is matched with the user access log according to the private internet protocol address and various internet protocol description information in the current processing service log and the user access log.
3. The method of claim 2, after obtaining the address type of the internet protocol address included in the current processing service log, further comprising:
if the address type is determined to comprise a public network internet protocol address and a private network internet protocol address at the same time, detecting whether the current processing service log is matched with the user access log according to various internet protocol description information in the current processing service log and the user access log;
and/or, converting a source internet protocol address in the user access log into a private internet protocol address, and detecting whether the current processing service log is matched with the user access log according to the private internet protocol address and various internet protocol description information in the current processing service log and the user access log.
4. The method of claim 2 or 3, wherein the detecting whether the currently processed service log matches the user access log according to the internet protocol description information items in the currently processed service log and the user access log comprises:
acquiring a first internet protocol address, a first port interval and a first online time interval from the current processing service log, and acquiring a second internet protocol address, a first port number and a first timestamp from the user access log;
determining that the currently processed service log matches the user access log if the first internet protocol address matches the second internet protocol address, the first port number is within the first port zone, and the first timestamp is within the first online time zone.
5. The method of claim 2 or 3, wherein the detecting whether the currently processed service log matches the user access log according to the private internet protocol address and the internet protocol description information items in the currently processed service log and the user access log comprises:
acquiring a third internet protocol address and a second online time interval in the current processing service log, and acquiring a second timestamp in the user access log;
determining that the current processing service log matches the user access log if the private internet protocol address matches the third internet protocol address and the second timestamp is within the second line time interval.
6. The method of claim 2 or 3, wherein translating the source internet protocol address to a private internet protocol address in the user access log comprises:
matching each firewall log with each Internet protocol description information in the user access log;
and converting the source internet protocol address in the user access log into a private internet protocol address according to the mapping relation between the source internet protocol address and the private internet protocol address in the firewall log obtained by matching.
7. The method of claim 6, wherein matching Internet protocol description information in each of the firewall logs and the user access log comprises:
obtaining the current processing firewall logs in all firewall logs;
obtaining a first source internet protocol address, a first source port number, a first destination internet protocol address, a first destination port number and a third timestamp from the current processing firewall log, and obtaining a second source internet protocol address, a second source port number, a second destination internet protocol address, a second destination port number and a fourth timestamp from the user access log;
if the first source internet protocol address, the first source port number, the first destination internet protocol address, the first destination port number, and the third timestamp of the currently processed firewall log are respectively and correspondingly matched with the second source internet protocol address, the second source port number, the second destination internet protocol address, the second destination port number, and the fourth timestamp of the user access log, it is determined that the currently processed firewall log is matched with the user access log.
8. A device for processing a user access log, comprising:
the system comprises a user access log detection module, a user access log detection module and a remote authentication dialing user service log matching module, wherein the user access log detection module is used for matching each remote authentication dialing user service log with the user access log according to the address type of an internet protocol address included in each remote authentication dialing user service log when detecting the user access log;
and the family broadband account information acquisition module is used for acquiring the family broadband account information in the target remote authentication dialing user service log obtained by matching and adding the family broadband account information into the user access log.
9. An electronic device, characterized in that the electronic device comprises:
one or more processors;
a storage device for storing one or more programs,
when executed by the one or more processors, cause the one or more processors to implement a method of processing a user access log as claimed in any one of claims 1 to 7.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out a method of processing a user access log according to any one of claims 1 to 7.
CN202011630030.2A 2020-12-31 2020-12-31 Method, device and equipment for processing user access log and storage medium Active CN112866005B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011630030.2A CN112866005B (en) 2020-12-31 2020-12-31 Method, device and equipment for processing user access log and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011630030.2A CN112866005B (en) 2020-12-31 2020-12-31 Method, device and equipment for processing user access log and storage medium

Publications (2)

Publication Number Publication Date
CN112866005A true CN112866005A (en) 2021-05-28
CN112866005B CN112866005B (en) 2023-04-07

Family

ID=75999802

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011630030.2A Active CN112866005B (en) 2020-12-31 2020-12-31 Method, device and equipment for processing user access log and storage medium

Country Status (1)

Country Link
CN (1) CN112866005B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114173346A (en) * 2021-12-01 2022-03-11 恒安嘉新(北京)科技股份公司 Coverage detection method, device, equipment and medium for malicious program monitoring system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130067062A1 (en) * 2011-09-12 2013-03-14 Microsoft Corporation Correlation of Users to IP Address Lease Events
CN103139326A (en) * 2013-03-06 2013-06-05 中国联合网络通信集团有限公司 Method, device and system for tracing internet protocol (IP)
CN103561127A (en) * 2013-11-01 2014-02-05 中国联合网络通信集团有限公司 Method and system for tracing source of user
CN103731515A (en) * 2014-01-15 2014-04-16 中国联合网络通信集团有限公司 Internet protocol (IP) source tracing method, device and system
CN110061993A (en) * 2019-04-23 2019-07-26 新华三技术有限公司 A kind of log generation method, device and access device comprising public network exit address
CN110401614A (en) * 2018-04-24 2019-11-01 中移(杭州)信息技术有限公司 The source tracing method and device of malice domain name

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130067062A1 (en) * 2011-09-12 2013-03-14 Microsoft Corporation Correlation of Users to IP Address Lease Events
CN103139326A (en) * 2013-03-06 2013-06-05 中国联合网络通信集团有限公司 Method, device and system for tracing internet protocol (IP)
CN103561127A (en) * 2013-11-01 2014-02-05 中国联合网络通信集团有限公司 Method and system for tracing source of user
CN103731515A (en) * 2014-01-15 2014-04-16 中国联合网络通信集团有限公司 Internet protocol (IP) source tracing method, device and system
CN110401614A (en) * 2018-04-24 2019-11-01 中移(杭州)信息技术有限公司 The source tracing method and device of malice domain name
CN110061993A (en) * 2019-04-23 2019-07-26 新华三技术有限公司 A kind of log generation method, device and access device comprising public network exit address

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114173346A (en) * 2021-12-01 2022-03-11 恒安嘉新(北京)科技股份公司 Coverage detection method, device, equipment and medium for malicious program monitoring system
CN114173346B (en) * 2021-12-01 2024-04-12 恒安嘉新(北京)科技股份公司 Coverage detection method, device, equipment and medium of malicious program monitoring system

Also Published As

Publication number Publication date
CN112866005B (en) 2023-04-07

Similar Documents

Publication Publication Date Title
CN108737325B (en) Multi-tenant data isolation method, device and system
US9230006B2 (en) Remote access to tracking system contact information
CN106919634B (en) Method for sharing data across applications and web browser
CN114385091B (en) Method and device for realizing network disk drive character, network disk and storage medium
CN108093026B (en) Method and device for processing multi-tenant request
CN110134869B (en) Information pushing method, device, equipment and storage medium
CN107423037B (en) Application program interface positioning method and device
CN111694866A (en) Data searching and storing method, data searching system, data searching device, data searching equipment and data searching medium
CN112866005B (en) Method, device and equipment for processing user access log and storage medium
CN110677307B (en) Service monitoring method, device, equipment and storage medium
CN113992382A (en) Service data processing method and device, electronic equipment and storage medium
CN109286684B (en) Communication connection processing method and device, proxy server and storage medium
US8326919B1 (en) Network address translation auto-discovery in data storage networks
CN113206850A (en) Malicious sample message information acquisition method, device, equipment and storage medium
CN110096543B (en) Data operation method, device, server and medium of application program
CN111245944A (en) Domain name resolution method and device, electronic equipment and storage medium
CN107273423B (en) Multimedia message data processing method, device and system
CN112671952B (en) IP detection method, device, equipment and storage medium
CN111970250B (en) Method for identifying account sharing, electronic device and storage medium
CN114297495A (en) Service data searching method and device, electronic equipment and storage medium
CN110753136B (en) Domain name resolution method, device, equipment and storage medium
CN112395141B (en) Data page management method and device, electronic equipment and storage medium
CN114338279A (en) Terminal access method and device and server
CN110187911B (en) Client software generation method and device and electronic equipment
CN115913683B (en) Risk access record generation method, apparatus, device and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant